* no kdf on the password, just SHA-2-224(password)
* uses the same key and iv (which always starts as 0) in both directions
* uses CFB mode without a MAC, which has malleability issues (IIRC you can flip bits in a ciphertext block, and the same bits will be flipped in the plaintext, but the rest of the stream will be garbage).
* the authentication used is pretty sketchy (the key is fixed at 16 bytes and PW_LEN 15, so ljust shouldn't be doing anything):
if tmp_data[:len(self.key)].ljust(PW_LEN,'0') != self.key.ljust(PW_LEN, '0'):
log.msg("Remote unauthorized", logLevel=logging.INFO)
7 comments
[ 1.5 ms ] story [ 30.4 ms ] thread[1] http://www.agroman.net/corkscrew/
Based on a quick skim:
* no kdf on the password, just SHA-2-224(password)
* uses the same key and iv (which always starts as 0) in both directions
* uses CFB mode without a MAC, which has malleability issues (IIRC you can flip bits in a ciphertext block, and the same bits will be flipped in the plaintext, but the rest of the stream will be garbage).
* the authentication used is pretty sketchy (the key is fixed at 16 bytes and PW_LEN 15, so ljust shouldn't be doing anything):
Reminds me of this: https://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txthttps://github.com/covertcodes/multitun/blob/master/multitun...