mirror of
https://github.com/ntop/n2n.git
synced 2024-09-20 00:51:10 +02:00
created document structure
This commit is contained in:
parent
0ab9f3229e
commit
87c5393162
43
doc/CRYPTO.md
Normal file
43
doc/CRYPTO.md
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
# Cryptography in n2n
|
||||||
|
|
||||||
|
## Payload
|
||||||
|
|
||||||
|
### Overview
|
||||||
|
|
||||||
|
Payload encryption currently comes four in different flavors. Supported ciphers are enabled using the indicated command line option:
|
||||||
|
|
||||||
|
- Twofish in CBC mode (`-A2`)
|
||||||
|
- AES in CBC mode (`-A3`)
|
||||||
|
- ChaCha20 (CTR) (`-A4`)
|
||||||
|
- SPECK in CTR mode (`-A5`)
|
||||||
|
|
||||||
|
To renounce encryption, `-A1` enables the so called `null_transform` transmitting all data unencrpytedly.
|
||||||
|
|
||||||
|
The following quick comparing chart might help make a decision on what cipher to use:
|
||||||
|
|
||||||
|
| Cipher | Mode | Block Size | Key Size | IV length |Speed | Built-In | Origin |
|
||||||
|
| :---: | :---:| :---: | :---: | :---: |:---: | :---: | --- |
|
||||||
|
|Twofish | CBC | 128 bits | 128 bit (?) | 32 bit | - | Y | Bruce Schneier |
|
||||||
|
|AES | CBC | 128 bits | 128, 192,256 bit | 64 bit | O..+ | N | Joan Daemen and Vincent Rijmen, NSA-approved |
|
||||||
|
|ChaCha20| CTR | Stream | 256 bit | 128 bit | +..++| N | Daniel J. Bernstein |
|
||||||
|
|SPECK | CTR | Stream | 256 bit | 128 bit | ++ | Y | NSA |
|
||||||
|
|
||||||
|
As all block ciphers are used in CBC mode, they require a padding which results in encrypted payload sizes modulo the respective blocksize. Sizewise, this could be considered a disadvantage. On the other hand, stream ciphers need a longer initialization vector (IV) to be transmitted.
|
||||||
|
|
||||||
|
Note that AES and ChaCha20 only are available if n2n was compiled with openSSL support while Twofish and SPECK always are available as built-ins.
|
||||||
|
|
||||||
|
### Twofish
|
||||||
|
|
||||||
|
### AES
|
||||||
|
|
||||||
|
### ChaCha20
|
||||||
|
|
||||||
|
### SPECK
|
||||||
|
|
||||||
|
## Header
|
||||||
|
|
||||||
|
### Encryption
|
||||||
|
|
||||||
|
### Checksum
|
||||||
|
|
||||||
|
### Replay Protection
|
Loading…
Reference in New Issue
Block a user