7. Odds and ends
Ideas and code for this project came from various parts of the Linux
2.0.12 kernel, most notably the
ipip protocol, the
new_tunnel driver, and the
NOTE: This software contains a data encryption facility. Use of it is
restricted by law in some countries including France and Russia. In
the United States of America it is not allowed to export such systems
without special permission. The IDEA algorithm included herein is
patented and subject to licensing conditions at least in parts of
Europe and America (see http://www.ascom.ch/systec).
A note on the Blowfish algorithm: For historical reasons (a bug in the
original i386 assembler implementation), CIPE uses a variant of the
Blowfish algorithm where the plaintext and ciphertext data words are
interpreted as little-endian. This means it is Blowfish with an
added initial and final permutation. This does not affect the
cryptographic properties of the algorithm.
A Windows port of the CIPE protocol is being developed. It is found at
To Do list for future development:
Profiling and optimization for speed. Check C implementation of IDEA for
Make IDEA run in constant time to harden against timing attack? This
would impose a serious performance penalty. It is at least possible in C
and i486 and higher; probably not for the i386. The Blowfish algorithm
always runs in constant time (at least the assembler implementation).
Test various combinations of crypto algorithm and implementation selected.
Implement all of the attack protections outlined in the protocol
chapter. (Keeping log of recent keys and timestamping is implemented.)
Implement dummy packet generation.
There is a mailing list for CIPE users and development.
To subscribe, send mail to email@example.com containing the
in the message body. Please subscribe before posting to the list.
The Encryption HOWTO covers various methods on disk and network
encryption. See http://EncryptionHOWTO.sourceforge.net/.
This document was generated
by Olaf Titz on August, 4 2004