* [Govpn-devel] GoVPN 3.0 release announcement
@ 2015-05-03 13:01 stargrave
From: stargrave @ 2015-05-03 13:01 UTC (permalink / raw)
  To: govpn-devel

[-- Attachment #1: Type: text/plain, Size: 2318 bytes --]

I am pleased to announce GoVPN 3.0 release availability!

GoVPN is a simple, secure free software virtual private network daemon,
aimed to be reviewable, secure, DPI-resistant, written in Go.

It uses fast PAKE DH A-EKE for mutual strong zero-knowledge peer
authentication. Data transport is encrypted, authenticated, hides
message's length and timestamp. PFS property, resistance to dictionary
attacks, replay attacks. Built-in heartbeating, rehandshaking, real-time
statistics, IPv4/IPv6-compatibility. GNU/Linux and FreeBSD support.

GoVPN's home page is:
also available as Tor hidden service: http://vabu56j2ep2rwv3b.onion/govpn/

Source code for that version can be found here:
SHA256: 12579c5c3cccfe73c66b5893335bc70c42d7b13b8e94c7751ec65d421eaff9a5
and corresponding signature is:
GPG key ID: 0xFFE2F4A1 GoVPN release signing key
Fingerprint: D269 9B73 3C41 2068 D8DA  656E F2F5 9045 FFE2 F4A1

The main improvements for that major release are:

* EKE protocol is replaced by Augmented-EKE and static symmetric (both
  sides have it) pre-shared key is replaced with server-side verifier. This
  requires 64 more bytes in handshake traffic, Ed25519 dependency with
  corresponding sign/verify computations, PBKDF2 dependency and its usage
  on the client side during handshake.

A-EKE with PBKDF2-based verifiers is resistant to dictionary attacks,
can use human memorable passphrases instead of static keys and
server-side verifiers cannot be used for authentication (a compromised
server does not leak client's authentication keys/passphrases).

* Changed transport message structure: added payload packet's length.
  This will increase transport overhead by two bytes, but heartbeat
  packets became smaller.

* Ability to hide underlying packets' lengths by appending noise, junk
  data during transmission. Each packet can be filled up to its
  maximal MTU size.

* Ability to hide underlying packets' appearance rate, by generating
  Constant Packet Rate traffic. This includes noise generation too.

* Per-peer -timeout, -noncediff, -noise and -cpr configuration options.

Happy hacking, Sergey Matveev

[-- Attachment #2: Type: application/pgp-signature, Size: 801 bytes --]
