./security/spiped, Tool for creating symmetrically encrypted and authenticated pipes

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.5.0nb1, Package name: spiped-1.5.0nb1, Maintainer: pkgsrc-users

spiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically
encrypted and authenticated pipes between socket addresses, so that one may
connect to one address (e.g., a UNIX socket on localhost) and transparently
have a connection established to another address (e.g., a UNIX socket on a
different system). This is similar to 'ssh -L' functionality, but does not
use SSH and requires a pre-shared symmetric key.

Note that spiped:
1. Requires a strong key file: The file specified via the -k option should
have at least 256 bits of entropy. ('dd if=/dev/urandom bs=32 count=1' is
your friend.)
2. Does not provide any protection against information leakage via packet
timing: Running telnet over spiped will protect a password from being directly
read from the network, but will not obscure the typing rhythm.
3. Can significantly increase bandwidth usage for interactive sessions: It
sends data in packets of 1024 bytes, and pads smaller messages up to this
length, so a 1 byte write could be expanded to 1024 bytes if it cannot be
coalesced with adjacent bytes.
4. Uses a symmetric key -- so anyone who can connect to an spiped "server" is
also able to impersonate it.

MESSAGE.smf [+/-]

Master sites:

SHA1: 85dfe13cd25a7461ae649d44c5463b37f64f8627
RMD160: f6498f9e85d4a48dcd99b2da5e696ed3b440d1c2
Filesize: 67.2 KB

Version history: (Expand)


CVS history: (Expand)


   2016-06-08 12:16:57 by Jonathan Perkin | Files touched by this commit (89)
Log message:
Remove the stability entity, it has no meaning outside of an official context.
   2016-06-08 11:46:05 by Jonathan Perkin | Files touched by this commit (47)
Log message:
Change the service_bundle name to "export" to reduce diffs between the
original manifest.xml file and the output from "svccfg export".
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2016-02-26 10:41:07 by Jonathan Perkin | Files touched by this commit (32)
Log message:
Use OPSYSVARS.
   2015-12-14 10:32:37 by Jonathan Perkin | Files touched by this commit (1)
Log message:
Ensure OpenSSL libraries can be found.
   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-03-04 17:39:41 by Sebastian Wiedenroth | Files touched by this commit (1)
Log message:
use c99 to fix build on illumos
   2015-02-22 15:26:47 by Sebastian Wiedenroth | Files touched by this commit (2) | Package updated
Log message:
Update spiped to 1.5.0

Changelog:
 spiped-1.5.0
 * Attempt to set the TCP_NODELAY socket option on connections, in order
   to avoid punishing latencies from TCP nagling.