3

I am looking to an Cryptographically Generated Address (CGA) implementation in Java or in C++. Would be glad if someone can help.

davidbb
  • 200
  • 3
Bass
  • 31
  • 1
  • Can you be clearer about what you're looking for? – nealmcb Apr 27 '11 at 18:11
  • http://en.wikipedia.org/wiki/Cryptographically_Generated_Address -- at the moment, there's an RFC that describes this, but I haven't heard of any implementations. – Jeff Ferland Apr 27 '11 at 18:45
  • I voted to close. SS is not about programming. –  Apr 27 '11 at 20:50
  • Interesting concept... @Ams, it's not *not* about programming. I was doubtful, but now it seems to me to be on topic, he's looking for an implementation of a cryptographic protocol. That said, I dont think an answer will be forthcoming, as per @Jeff's comment... – AviD Apr 27 '11 at 23:31
  • @AviD, unfortunately, for me it seems that SS is becoming completely about everything that contains even some mention of security related item. I would agree it is on-topic if security weakness, or possibilities how to strengthen the solution were discussed. –  Apr 28 '11 at 08:31
  • I think I agree with Ams on this one. The query is 'how to implement' which is really a programming question – Rory Alsop May 12 '11 at 16:49
  • @Rory, usually in cryptography-related issues, we answer "how to implement" with: `"Don't."` As in, he should use standard implementations - and how to do *that* is very much ontopic, IMO... – AviD May 12 '11 at 22:09

1 Answers1

3

http://www.thc.org/thc-ipv6/ a whole suite if ipv6 utilities, but sendpees6 has great examples of how to do CGA against SEND.

Marcin
  • 2,508
  • 1
  • 15
  • 14
  • Interesting. Here is one example of a DoS attack capitalizing on the extra overhead of verifying the signatures: [Project 13x: IPv6 DoS with sendpees6 (10 pts.)](http://samsclass.info/ipv6/proj/proj-124-13x-sendpees6.html) – nealmcb Apr 28 '11 at 05:34
  • i was looking more for a tool ,which could generate CGA address. – Bass Apr 28 '11 at 11:42
  • 1
    `cga_opt = thc_generate_cga(prefix, key, &cga);` is how you generate it if you're using the thc toolkit. Is that close enough? – Marcin Apr 28 '11 at 13:34
  • 1
    @nealmcb, funny, that's exactly what I did for my thesis few years ago when thc's code wasn't nearly as functional ;) The fun part about SeND is that the client gets to pick the strength of the key, so you can kill any SeND aware node by precreating a packet and then just replying it as fast as you can. Depending on the speeds of the CPU's, I've been able to kill a node by playing <25 packets a second. – Marcin May 13 '11 at 22:18