3 @cindex Encryptionless mode
4 @cindex Chaffing-and-Winnowing
6 @cindex All-Or-Nothing-Transformation
9 @subsection Encryptionless mode
11 Some jurisdictions can force user to reveal his encryption keys. However
12 they can not ask for authentication (signing) keys. So you are safe to
13 use authentication algorithms, but not the encryption ones. Moreover
14 some countries forbids usage of encryption (but again not the
17 GoVPN provides special encryptionless mode of operation. In this mode it
18 replaces Salsa20 function used for confidentiality with rather
19 well-known @url{http://people.csail.mit.edu/rivest/chaffing-980701.txt,
20 Chaffing-and-Winnowing} (CnW) technology. This is rather traffic and
21 resource hungry algorithm, so we use it after
22 @url{http://theory.lcs.mit.edu/~cis/pubs/rivest/fusion.ps,
23 All-Or-Nothing-Transformation} (based on
24 @url{http://cseweb.ucsd.edu/~mihir/papers/oaep.html, Optimal Asymmetric
25 Encryption Padding}) on the data. This is confidentiality preserving
28 AONT is just a keyless encoding of the data. CnW uses only
29 authentication function. Handshake additionally uses Diffie-Hellman and
30 signature algorithms. No encryption and steganography involved.
32 In this mode each outgoing packet became larger on 4128 bytes and
33 @ref{Noise, noise} is forcefully enabled. So this is resource hungry mode!
35 @strong{Beware}: by default packet serial numbers are still processed
36 through the XTEA encryption. It is not required for confidentiality and
37 security, but for randomizing some parts of the traffic to make it
38 indistinguishable from the noise, for making it more DPI-proof. It
39 safely can be disabled, turned off or maybe its keys even can be
40 revealed without security and forward secrecy loss.
42 See @code{govpn/cnw} and @code{govpn/aont} packages for details of AONT
43 and chaffing operations.