LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Single Packet Authorization (Linux Journal)

Single Packet Authorization (Linux Journal)

Posted Mar 11, 2007 21:32 UTC (Sun) by ekj (guest, #1524)
Parent article: Single Packet Authorization (Linux Journal)

I'm extremely skeptical of any "security"-product designed by people who sprout useless crap like: For instance, the raw ElGamal algorithm used by GnuPG doubles the plain-text size when encrypting data. Even though GnuPG also utilizes compression (which can sometimes reduce the size of the cipher text to below the original size of the plain text), the typically large key size of GnuPG keys implies that the cipher text for even the smallest messages will be in the hundreds of bytes.

Stupidity ^ 3.

First, all major encryption-algorithms are 1:1 in size plaintext-ciphertext, it doesn't matter if you encrypt using AES, triple-Des, Twofish or Blowfish, in all cases the ciphertext is going to be exactly as large as the plaintext. Thus, the entire rationale, that "ciphertext is large" is plain and simple bullshit.

Secondly, port-knocking ain't really designed to guard against an attacker that has full access to your network-traffic and can scan and replay at will. It's designed to make automated scanning and zero-day automated exploits just that little bit more difficult. A 5-port knocking-sequence has 80 bits of entropy, the odds that a random scanner gets it rigth are 1:2^80, which is adequate for repelling most automated attacks.

Third, moving crypto into this layer actively *hurts* security. The point is to have a guardian that is so simple that you can feel completely confident that the guardian itself has no bugs.

The moment you have a crypto-application listening on udp:6112 (or whatever) for a magical packet, you're not much better off than just letting sshd do the same job on a tcp-port. The *sole* remaining possibly useful idea is the idea: "Don't let an attacker know that you're even listening until he has successfully convinced you he is a friend".

(Log in to post comments)

Single Packet Authorization (Linux Journal)

Posted Apr 14, 2007 17:04 UTC (Sat) by mrash (guest, #44663) [Link]

All of the encryption algorithms you mention as 1:1 plaintext-ciphertext ratio are _symmetric_ ciphers. ElGamal is not a symmetric cipher. While I don't know what the exact ratio is (and I suspect there will be differences depending on the size of the plaintext - especially if the plaintext size is very small), try encrypting a single byte of data with an ElGamal cipher and take a look a how large the ciphertext is. It is not 1 byte.

Your statement about the fact that "port knocking is not designed to guard against an attacker that has full access to your network-traffic and can scan and replay at will" is true because port knocking has such serious limitations. SPA is designed to offer protection from just such an attacker. The fwknop (http://www.cipherdyne.org/fwknop) implementation is written in a buffer safe language (perl) using standard encryption algorithms. While I agree that no software is 100% secure (ever), that is not the point. I'm trying to make the "prove you are a friend before granting access through the firewall" stance as strong as possible.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds