2
aki237
156d

VPN server/client for *nix

Project Type
Existing open source project
Summary

VPN server/client for *nix

Description
This is a simple hobby VPN server and client in golang. Some posts : https://blog.aki237.in/_pin_0.0.2.txt https://blog.aki237.in/update_on_pin.txt https://blog.aki237.in/pin_is_not_a_vpn_yet.txt
Tech Stack
Go, Linux, BSD
Current Team Size
1
URL
Comments
  • 0
    I've seen you execute dd for generating the secret-key.
    Why don't you use the secure random-number-generator of the crypto package?
  • 0
    @metamourge That's just for a simple setup.
  • 1
    And that is just a key from /dev/urandom. I think that is random enough for a secret key.
  • 0
    @aki237 Please use the cryptographically secure /dev/random instead.
  • 1
    /dev/urandom is cryptographically secure.
  • 1
  • -1
    @aki237 Generating crypto keys using urandom is the dumbest thing you could possibly do. If no entropy is left, a predictable number is returned. Boom, key leaked. Great. random simply waits until entropy is there.
  • 2
    @PrivateGER The point is: It doesn't matter. As long the previous internal state didn't leak and the RNG has been seeded before, everything is fine.

    Example: If I have 128-bit "true-random" data and use them as a seed to create 2048-bit random data, those 2048 bit are only predictable if the 128 bit "seed" is known (or there are other weaknesses, but this risk exists every time). Sure the theoretical randomness is only 128 bit, but practically it won't matter.

    Also, after Linux 4.8 the design of /dev/[u]random was changed.
  • 0
    @sbiewald Yeah, that is true.
    I just really think that you should only use entropy for actual cryptographic keys.
Your Job Suck?
Get a Better Job
Add Comment