
Single Packet Authorization (Linux Journal)

Posted Apr 14, 2007 17:04 UTC (Sat) by mrash (guest, #44663)
In reply to: Single Packet Authorization (Linux Journal) by ekj
Parent article: Single Packet Authorization (Linux Journal)

All of the encryption algorithms you mention as 1:1 plaintext-ciphertext ratio are _symmetric_ ciphers. ElGamal is not a symmetric cipher. While I don't know what the exact ratio is (and I suspect there will be differences depending on the size of the plaintext - especially if the plaintext size is very small), try encrypting a single byte of data with an ElGamal cipher and take a look at how large the ciphertext is. It is not 1 byte.

Your statement about the fact that "port knocking is not designed to guard against an attacker that has full access to your network-traffic and can scan and replay at will" is true because port knocking has such serious limitations. SPA is designed to offer protection from just such an attacker. The fwknop (http://www.cipherdyne.org/fwknop) implementation is written in a buffer-safe language (perl) using standard encryption algorithms. While I agree that no software is 100% secure (ever), that is not the point. I'm trying to make the "prove you are a friend before granting access through the firewall" stance as strong as possible.
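The ciphertext-expansion point in the comment above can be checked directly. The following is an added illustration, not the commenter's code and not fwknop's: a minimal textbook ElGamal over a safe-prime group, with deliberately small toy parameters (a 128-bit modulus, assumed here purely so the search runs quickly; real deployments use standard, much larger groups). It encrypts a single byte and serializes the two resulting group elements at the fixed width of the modulus, which is the assumption behind the size measurement: a one-byte plaintext becomes a 32-byte ciphertext, whereas a stream or block cipher with no padding would emit one byte.

```python
"""Toy ElGamal over a safe-prime group, used to measure how much a one-byte
plaintext grows under a public-key cipher. Added example for illustration
only; parameter sizes are deliberately small and nothing here is hardened."""
import secrets

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59,
                61, 67, 71, 73, 79, 83, 89, 97]


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    for sp in [2] + SMALL_PRIMES:
        if n == sp:
            return True
        if n % sp == 0:
            return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(bits: int) -> int:
    """Walk upward from 2^(bits-2)+1 until q and p = 2q+1 are both prime.
    The search is deterministic, so the (public) group is reproducible."""
    q = (1 << (bits - 2)) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1


def subgroup_generator(p: int) -> int:
    """Element of the order-q subgroup (quadratic residues) of Z_p^*.
    Encrypting inside that subgroup avoids leaking the message's Legendre symbol."""
    h = 2
    while pow(h, 2, p) == 1:
        h += 1
    return pow(h, 2, p)


def encode(m: int, p: int) -> int:
    """Map m in [1, q] onto a quadratic residue. With p = 2q+1 and q odd,
    p = 3 (mod 4), so exactly one of m and p-m is a residue."""
    q = (p - 1) // 2
    assert 1 <= m <= q, "message too large for a single group element"
    return m if pow(m, q, p) == 1 else p - m


def decode(x: int, p: int) -> int:
    q = (p - 1) // 2
    return x if x <= q else p - x


def keygen(p: int, g: int):
    q = (p - 1) // 2
    x = secrets.randbelow(q - 1) + 1              # private key in [1, q-1]
    return x, pow(g, x, p)


def encrypt(p: int, g: int, y: int, m_bytes: bytes) -> bytes:
    """Encrypt a short byte string as one group element and return the
    fixed-width serialization of (c1, c2) that would go on the wire."""
    q = (p - 1) // 2
    k = secrets.randbelow(q - 1) + 1              # fresh ephemeral exponent
    M = encode(int.from_bytes(m_bytes, "big") + 1, p)   # +1 keeps m >= 1
    c1 = pow(g, k, p)
    c2 = (M * pow(y, k, p)) % p
    width = (p.bit_length() + 7) // 8
    return c1.to_bytes(width, "big") + c2.to_bytes(width, "big")


def decrypt(p: int, x: int, ct: bytes, m_len: int) -> bytes:
    width = (p.bit_length() + 7) // 8
    c1 = int.from_bytes(ct[:width], "big")
    c2 = int.from_bytes(ct[width:], "big")
    shared = pow(c1, x, p)                        # = y^k
    M = (c2 * pow(shared, p - 2, p)) % p          # divide out the shared secret
    return (decode(M, p) - 1).to_bytes(m_len, "big")


def expansion_demo(bits: int = 128, plaintext: bytes = b"A") -> dict:
    """Encrypt `plaintext` and report plaintext vs ciphertext size in bytes."""
    p = find_safe_prime(bits)
    g = subgroup_generator(p)
    x, y = keygen(p, g)
    ct = encrypt(p, g, y, plaintext)
    return {
        "plaintext_bytes": len(plaintext),
        "ciphertext_bytes": len(ct),
        "roundtrip_ok": decrypt(p, x, ct, len(plaintext)) == plaintext,
    }


if __name__ == "__main__":
    print(expansion_demo())
```

The expansion is structural, not an artifact of the toy size: the ciphertext is always two elements of the group, each as wide as the modulus, however short the message. Scaling the modulus up to a realistic size makes the ratio for a one-byte message correspondingly larger, which is why an SPA packet encrypted with a public-key scheme is far bigger than its symmetric-cipher counterpart.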


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds