Coda File System

Re: Another mail on the security of coda

From: Jan Harkes <jaharkes_at_cs.cmu.edu>
Date: Wed, 28 Nov 2001 13:43:56 -0500
On Fri, Nov 23, 2001 at 01:01:23PM +0100, Fabrizio Morbini wrote:
> Hi, I'm new in CODA so I would address you this question: you in the
> chapter "Authentication and secure connections." said that is simple
> add DES encryption (or other strong encryption) to CODA, but why I
> can't find a version of CODA that include this? (I think that the
> encryption is necessary in our networks)

There isn't any, you could try to modify the rpc2_Decrypt and
rpc2_Encrypt functions rpc2/rpc2-src/secure.c to wrap around
cryptographic functions provided by openssl (libcrypto). I believe that
using real encryption will probably break retransmitting SFTP packets
because some encrypted fields in the header are modified in the
encrypted packet instead of a a decrypted version and re-encrypting it.

There was also a group in germany that wanted to create a more secure
version of RPC2, check the 'codadev' mailinglist archives, Nov 2000,
subject "making rpc2 more Secure".

> You can instruct me (the basic guidelines (steps, documentation (from
> "earth" to "space")), the sites where I can find a good implementation
> of the encryption algorithms (gpg?),...) on how can be added DES (or
> others) to the CODA code?

Best bet for the actual encryption routines is openssl, it is already
widely used and installed on most systems that have f.i. openssh.

Jan
Received on 2001-11-28 13:44:00