Jay Taylor's notesback to listing index
Tarsnap - The spiped secure pipe daemon[web search]
The spiped secure pipe daemon
Spiped (pronounced "ess-pipe-dee") is a utility for creatingsymmetrically encrypted and authenticated pipes between socketaddresses, so that one may connect to one address (e.g., a UNIXsocket on localhost) and transparently have a connection establishedto another address (e.g., a UNIX socket on a different system). Thisis similar to 'ssh -L' functionality, but does not use SSH andrequires a pre-shared symmetric key.
Spiped uses strong and well-understood cryptographic components: Theinitial key negotiation is performed using HMAC-SHA256 and anauthenticated Diffie-Hellman key exchange over the standard 2048-bit"group 14"; following the completion of key negotiation, packets aretransmitted encrypted with AES-256 in CTR mode and authenticatedusing HMAC-SHA256. The simplicity of the code — about 4000lines of C code in total, of which under 1000 are specific to spiped(the rest is library code originating fromkivaloo andTarsnap) — makes it unlikely thatspiped has any security vulnerabilities.
On the author's 2.5 GHz Intel Core 2 laptop, spiped operates atapproximately 200 Mbps.
The following versions of spiped are available:
|Version||Release date||SHA256 hash|
The spiped secure pipe daemon is discussed on firstname.lastname@example.org mailing list.