Age | Commit message | Author | Files | Lines |
|
|
|
Changelog:
spiped-1.5.0
* Attempt to set the TCP_NODELAY socket option on connections, in order
to avoid punishing latencies from TCP nagling.
|
|
Changelog:
spiped-1.4.2
* Fix crash on platforms which support AESNI (i386, amd64) but do not
automatically provide 16-byte alignment to large memory allocations
(glibc, possibly others).
|
|
spiped-1.4.1
* Fix build on OS X, and improve strict POSIX compliance.
* Improved zeroing of sensitive cryptographic data.
spiped-1.4.0
* Add automatic detection of compiler support (at compile-time) and CPU
support (at run-time) for x86 "AES New Instructions"; and when available,
use these to improve cryptographic performance.
* Add support for -g option, which makes {spiped, spipe} require perfect
forward secrecy by dropping connections if the peer endpoint is detected to
be running using the -f option.
|
|
creation of pid files
|
spiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically
encrypted and authenticated pipes between socket addresses, so that one may
connect to one address (e.g., a UNIX socket on localhost) and transparently
have a connection established to another address (e.g., a UNIX socket on a
different system). This is similar to 'ssh -L' functionality, but does not
use SSH and requires a pre-shared symmetric key.
Note that spiped:
1. Requires a strong key file: The file specified via the -k option should
have at least 256 bits of entropy. ('dd if=/dev/urandom bs=32 count=1' is
your friend.)
2. Does not provide any protection against information leakage via packet
timing: Running telnet over spiped will protect a password from being directly
read from the network, but will not obscure the typing rhythm.
3. Can significantly increase bandwidth usage for interactive sessions: It
sends data in packets of 1024 bytes, and pads smaller messages up to this
length, so a 1 byte write could be expanded to 1024 bytes if it cannot be
coalesced with adjacent bytes.
4. Uses a symmetric key -- so anyone who can connect to an spiped "server" is
also able to impersonate it.
|