You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
emanuele-f c89ece71ca Code rework changes 6 years ago
..
README.md Drop keyschedule support 6 years ago
edge_keyschedule.c Code rework changes 6 years ago
gen_keyfile.py Drop keyschedule support 6 years ago
n2n_keyfile.c Drop keyschedule support 6 years ago
n2n_keyfile.h Drop keyschedule support 6 years ago
transform_aes.c Drop keyschedule support 6 years ago
transform_tf.c Drop keyschedule support 6 years ago

README.md

Removed Features

This folder contains a list N2N legacy features which have been dropped due to maintainance cost versus effective use and benefits.

Multiple Transops

N2N used to initialize all the available transops and use the "tick" function of the transops to decide which transop to use before sending a packet. This however has the following problems:

  • It only works with the keyfile, whereas with normal encryption we inizialize and keep structures that we don't need.
  • It is unfeasable as an edge node is required to implement all the transops in order to properly talk with other edge nodes (via keyfile).
  • It rises the complexity of the code.
  • It is not clear which transop will be used.
  • Mixing multiple encyptions together is not necessarily a good idea to improve security as a vulnerability in at least one encryption method will leak some information.

Keyfile and Key Rotation

The keyfile mechanism allowed N2N users to specify a keyfile to be used to periodically rotate keys and encryption methods. However, it has the following problems:

  • This feature is obscure for most of the users and poorly documented.
  • It is tightly integrated in the core whereas it is used by only a few people (if any).

In conclusion the main problem is the complexity that it adds to the code. In a possible future rework this could be integrated as an extention (e.g. a specific trasop) without rising the core complexity.