lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Fri, 04 Feb 2011 19:58:07 +1000
From:	Stuart Longland <redhatter@...too.org>
To:	netdev@...r.kernel.org
Subject: Configuring IPsec within a user application?

Hi all,

I'm not sure if this is the right list or not, if not I'd appreciate a
referral to a more appropriate list.

I've been toying with the idea of a small multicast VoIP/digital comms
protocol¹ for use over wireless radio links.  The typical use case might
be to replace UHF FM radio transceivers with modern smart phones, using
multicast IPv6 networking over 802.11b.  (It will have other modes too,
transmission over amateur radio bands for instance.)

In some commercial settings, or over the Internet, it'd be great for
traffic to be authenticated using HMAC-SHA1 or even encrypted.  Looking
at IPsec, I see it provides exactly this.  My thought, why re-invent the
wheel when a solution may already exist?

The question though:  Is it possible for a userspace application
(non-privileged) to request that the UDP packets it generates/receives
from/to a particular address be encrypted or hashed against a specified key?

i.e. if I decide to communicate with someone on the same wireless link,
and by means of asymmetric crypto at higher layers we establish a shared
AES key, can I configure the stack for traffic between these two hosts
on-the-fly and without root privileges?

Regards,
-- 
Stuart Longland (aka Redhatter, VK4MSL)      .'''.
Gentoo Linux/MIPS Cobalt and Docs Developer  '.'` :
. . . . . . . . . . . . . . . . . . . . . .   .'.'
http://dev.gentoo.org/~redhatter             :.'

I haven't lost my mind...
  ...it's backed up on a tape somewhere.

1. http://wongi.longlandclan.yi.org
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ