implementations in software are too complex to be reviewed, analyzed and
modified.
-State off art cryptography technologies include:
+State off art cryptography technologies includes:
@url{http://cr.yp.to/snuffle.html, Salsa20} stream encryption,
@url{http://143.53.36.235:8080/tea.htm, XTEA} PRP,
@url{http://cr.yp.to/mac.html, Poly1305} message authentication,
-@url{https://en.wikipedia.org/wiki/Encrypted_key_exchange, Diffie-Hellman Encrypted Key Exchange}
-(DH-EKE) powered by @url{http://cr.yp.to/ecdh.html, Curve25519}.
+@url{https://en.wikipedia.org/wiki/PBKDF2} password-based key derivation
+function based on @url{https://en.wikipedia.org/wiki/SHA-2, SHA-512}
+hash function,
+@url{https://en.wikipedia.org/wiki/Encrypted_key_exchange,
+Diffie-Hellman Augmented Encrypted Key Exchange}
+(DH-A-EKE) powered by @url{http://cr.yp.to/ecdh.html, Curve25519} and
+@url{http://ed25519.cr.yp.to/, Ed25519} signatures.
Strong
@url{https://en.wikipedia.org/wiki/Zero-knowledge_password_proof, zero-knowledge}
mutual authentication with key exchange stage is invulnerable
@url{https://en.wikipedia.org/wiki/Forward_secrecy, Perfect forward secrecy}
property guarantee that compromising of long-term authentication
pre-shared key can not lead to previously captured traffic decrypting.
-Rehandshaking ensures session keys rotation. MAC authentication with
-one-time keys protects against
+Compromising of peers password file on server side won't allow attacker
+to masquerade as the client, because of asymmetric @strong{verifiers}
+usage, resistant to dictionary attacks. Rehandshaking ensures session
+keys rotation. MAC authentication with one-time keys protects against
@url{https://en.wikipedia.org/wiki/Replay_attack, replay attacks}.
Server can work with several clients simultaneously. Each client is
Optional ability to hide payload packets lengths by appending
@strong{noise} to them during transmission. Ability to generate constant
packet rate traffic (@strong{CPR}) that will hide even the fact of
-packets appearance.
+packets appearance, their timestamps.
The only platform specific requirement is TAP network interface support.
API to that kind of device is different, OS dependent and non portable.
@item IPv6 compatible
@item Encrypted and authenticated payload transport
@item Relatively fast handshake
+@item Password-authenticated key exchange
+@item Server-side password verifiers are secure against dictionary attacks
+@item Attacker can not masquerade a client even with password files compromising
@item Replay attack protection
@item Perfect forward secrecy property
@item Mutual two-side authentication
@item Several simultaneous clients support
@item Per-client configuration options
@item Hiding of payload packets length with noise
-@item Hiding of payload packets appearance with constant packet rate traffic
+@item Hiding of payload packets timestamps with constant packet rate traffic
@item Optional built-in HTTP-server for retrieving information about
known connected peers in @url{http://json.org/, JSON} format
@end itemize