7 comments

[ 1.5 ms ] story [ 30.4 ms ] thread
This looks pretty cool, but why not just run sshd on port 80/443 then use corkscrew[1] to tunnel through an http proxy?

[1] http://www.agroman.net/corkscrew/

Does corkscrew still use HTTP CONNECT? That's often blocked.
Ah yes, looks like it does use CONNECT.
The use of SHA-2-224 is kinda weird.

Based on a quick skim:

* no kdf on the password, just SHA-2-224(password)

* uses the same key and iv (which always starts as 0) in both directions

* uses CFB mode without a MAC, which has malleability issues (IIRC you can flip bits in a ciphertext block, and the same bits will be flipped in the plaintext, but the rest of the stream will be garbage).

* the authentication used is pretty sketchy (the key is fixed at 16 bytes and PW_LEN 15, so ljust shouldn't be doing anything):

    if tmp_data[:len(self.key)].ljust(PW_LEN,'0') != self.key.ljust(PW_LEN, '0'):
        log.msg("Remote unauthorized", logLevel=logging.INFO)
Reminds me of this: https://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt
To bad that networks/proxies usually block websocket connections causing this solution to fail.