[Olsr-dev] olsrd web of trust plug-in
Henning Rogge
(spam-protected)
Mon Dec 22 15:39:22 CET 2008
On Montag 22 Dezember 2008 15:22:08 Bernd Petrovitsch wrote:
> Today? Yes.
> Tomorrow?
> Given that WEP, WPA and WPA-2 are already there (and the former 2
> already obsolete), more of that will come.
>
> > story... ;)
>
> VIA-C7 - http://www.via.com.tw/en/products/processors/c7/ - has hardware
> AES support.
Which does not help with asymmetric algorithms.
> Apart from that: The asymmetric keys are just necessary to (regularly)
> exchange the symmetric ones - IPsec does this also in completely
> user-space (at least 5 years ago).
Yes... because IPSec mostly deals with unicast traffic. Multicast (broadcast
is a special case) is MUCH MORE difficult.
> And for the symmetric keys, the algorithms are fairly cheap (and one
> could use a somewhat less secure but much more CPU-saving one if it
> really matters).
> So personally I consider that problem as such solved - it is just a
> question of a good implementation (or hardware support).
Sorry, but you are dead wrong.
The problem of securing OLSR-traffic is to authentificate netwide broadcast
floods... you cannot do this easily with symmetric algorithm if you Want to
protect against an insider attacker.
Henning
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.olsr.org/pipermail/olsr-dev/attachments/20081222/62dded0d/attachment.sig>
More information about the Olsr-dev
mailing list