public inbox for govpn-devel@lists.cypherpunks.ru
From: stargrave@stargrave•org
To: govpn-devel@lists.cypherpunks.ru
Subject: [Govpn-devel] GoVPN 3.0 release announcement
Date: Sun, 3 May 2015 16:01:14 +0300
Message-ID: <20150503130114.GA37067@stargrave.org>
I am pleased to announce GoVPN 3.0 release availability!
GoVPN is a simple, secure, free software virtual private network daemon,
aimed to be reviewable, secure, DPI-resistant, written in Go.
It uses fast PAKE DH A-EKE for mutual strong zero-knowledge peer
authentication. Data transport is encrypted, authenticated, hides
message's length and timestamp. PFS property, resistance to dictionary
attacks, replay attacks. Built-in heartbeating, rehandshaking, real-time
statistics, IPv4/IPv6-compatibility. GNU/Linux and FreeBSD support.
GoVPN's home page is: http://www.cypherpunks.ru/govpn/
also available as Tor hidden service: http://vabu56j2ep2rwv3b.onion/govpn/
Source code for that version can be found here:
http://www.cypherpunks.ru/govpn/download/govpn-3.0.tar.xz
SHA256: 12579c5c3cccfe73c66b5893335bc70c42d7b13b8e94c7751ec65d421eaff9a5
and corresponding signature is:
http://www.cypherpunks.ru/govpn/download/govpn-3.0.tar.xz.sig
GPG key ID: 0xFFE2F4A1 GoVPN release signing key
Fingerprint: D269 9B73 3C41 2068 D8DA 656E F2F5 9045 FFE2 F4A1
The main improvements for that major release are:
* EKE protocol is replaced by Augmented-EKE and static symmetric (both
  sides have it) pre-shared key replaced with server-side verifier. This
  requires 64 more bytes in handshake traffic, Ed25519 dependency with
  corresponding sign/verify computations, PBKDF2 dependency and its usage
  on the client side during handshake.
  A-EKE with PBKDF2-based verifiers is resistant to dictionary attacks,
  can use human memorable passphrases instead of static keys and
  server-side verifiers cannot be used for authentication (compromised
  server does not leak client's authentication keys/passphrases).
* Changed transport message structure: added payload packet's length.
  This will increase transport overhead by two bytes, but heartbeat
  packets became smaller.
* Ability to hide underlying packets' lengths by appending noise, junk
  data during transmission. Each packet can be filled up to its
  maximal MTU size.
* Ability to hide underlying packets' appearance rate, by generating
  Constant Packet Rate traffic. This includes noise generation too.
* Per-peer -timeout, -noncediff, -noise and -cpr configuration options.
--
Happy hacking, Sergey Matveev
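
Added example, not part of the announcement and not GoVPN's own code: a Go sketch of the length-prefixed plaintext framing with noise fill that the transport changes in the message describe. The position and byte order of the 2-byte length field, the empty-payload heartbeat and the MTU value are assumptions; the frame is meant to be encrypted and authenticated as a whole afterwards, so the length field is never visible on the wire.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed layout (not taken from GoVPN's source):
// 2-byte big-endian payload length | payload | random noise up to the MTU.
const lenSize = 2

// Frame builds the plaintext frame; with noise set it is always mtu bytes long.
func Frame(payload []byte, mtu int, noise bool) ([]byte, error) {
	if len(payload) > mtu-lenSize || len(payload) > 0xFFFF {
		return nil, errors.New("payload does not fit into one frame")
	}
	size := lenSize + len(payload)
	if noise {
		size = mtu
	}
	buf := make([]byte, size)
	binary.BigEndian.PutUint16(buf, uint16(len(payload)))
	copy(buf[lenSize:], payload)
	if _, err := rand.Read(buf[lenSize+len(payload):]); err != nil {
		return nil, err
	}
	return buf, nil
}

// Unframe strips the noise. The declared length is checked against the
// frame size so a corrupted length field cannot cause an out-of-range read.
func Unframe(frame []byte) ([]byte, error) {
	if len(frame) < lenSize {
		return nil, errors.New("frame shorter than length field")
	}
	n := int(binary.BigEndian.Uint16(frame))
	if n > len(frame)-lenSize {
		return nil, errors.New("declared length exceeds frame")
	}
	return frame[lenSize : lenSize+n], nil
}

func main() {
	f, _ := Frame([]byte("ping"), 1452, true) // 1452 is a constructed MTU value
	p, _ := Unframe(f)
	fmt.Printf("frame %d bytes, payload %q\n", len(f), p)
}
```

With noise off, an empty payload (the assumed heartbeat) frames to just the two length bytes; with noise on, every frame is the same size regardless of payload.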