[Freedombox-discuss] [James Vasile] tinc rollout and fbox

[Sandy Harris]

Nick Daly <nick.m.daly at gmail.com> wrote:

> There's been some recent work on Tinc that I'm really excited about.
> ...

> Poke at it, let me know what you think.

Their docs include this paragraph:

" On the 15th of September 2003, Peter Gutmann posted a security
analysis of tinc 1.0.1. He argues that the 32 bit sequence number used
by tinc is not a good IV, that tinc’s default length of 4 bytes for
the MAC is too short, and he doesn’t like tinc’s use of RSA during
authentication. We do not know of a security hole in this version of
tinc, but tinc’s security is not as strong as TLS or IPsec. We will
address these issues in tinc 2.0.

Gutmann is a well-known and respected expert. His best-known
paper was one back in the 90s on reading "erased" disk drives
and what bit patterns it took to block that. Most "secure erase"
utilities around use those suggestions (even though current
drives are quite different, so those may be inappropriate now).
He has done /a lot/ of other stuff as well.

The current Tinc release is 1.0.21

My reading of that is that Tinc has known problems and
they probably will not be fixed soon. To me, that means
it is not ready for serious consideration as a component
for FreedomBox.