Jay Taylor's notes

back to listing index

Tarsnap - The spiped secure pipe daemon

[web search]
Original source (www.tarsnap.com)
Tags: encryption security linux unix pipes spiped www.tarsnap.com
Clipped on: 2013-11-20

The spiped secure pipe daemon

Spiped (pronounced "ess-pipe-dee") is a utility for creatingsymmetrically encrypted and authenticated pipes between socketaddresses, so that one may connect to one address (e.g., a UNIXsocket on localhost) and transparently have a connection establishedto another address (e.g., a UNIX socket on a different system). Thisis similar to 'ssh -L' functionality, but does not use SSH andrequires a pre-shared symmetric key.

Spiped uses strong and well-understood cryptographic components: Theinitial key negotiation is performed using HMAC-SHA256 and anauthenticated Diffie-Hellman key exchange over the standard 2048-bit"group 14"; following the completion of key negotiation, packets aretransmitted encrypted with AES-256 in CTR mode and authenticatedusing HMAC-SHA256. The simplicity of the code — about 4000lines of C code in total, of which under 1000 are specific to spiped(the rest is library code originating fromkivaloo andTarsnap) — makes it unlikely thatspiped has any security vulnerabilities.

On the author's 2.5 GHz Intel Core 2 laptop, spiped operates atapproximately 200 Mbps.


The following versions of spiped are available:

VersionRelease dateSHA256 hash
spiped 1.3.12013-04-138a58a983be460b88ed5a105201a0f0afacb83382208761837a62871dcca42fee
spiped 1.3.02013-04-066f3d512dbdc8e5e893fb533908d4f8bcd1fd23db783f63c7bc37cf5660c139d0
spiped 1.2.22012-11-15a9eb4681e4ccd5d86b8a2d4e16785db8ba10d8a9f7f732485511fd4b92dff1ec
spiped 1.2.12012-08-314e2e532b2a7df8e9a771c27a1bc2889f0d834e986d4f4a02a2a12174560ea44b
spiped 1.2.02012-08-3046fb94da62bf1f074513047519f2d4f5faf103e5b8555e14a375a42b74508a6b
spiped 1.1.02011-09-10b727b902310d217d56c07d503c4175c65387ff07c9cd50a24584903faf9f3dc3
spiped 1.0.02011-07-0482df05533bf8d8580f57e6dbec7d7e2966eabd3ea7a0a0bb06f87000947969a3

Mailing list

The spiped secure pipe daemon is discussed on thespiped@tarsnap.com mailing list.