X-Git-Url: http://www.git.cypherpunks.ru/?p=govpn.git;a=blobdiff_plain;f=doc%2Fnews.texi;h=10a2aab6d134519e72530c49d4fb0f33d7dff6e0;hp=608613a93689fd2ca87430ac8dfe02190c5a8ccc;hb=0bf04621961589bc735dc8bd8a075d7db24c4178;hpb=ee26626bd18e74679c46caf140772f27e5814cfa diff --git a/doc/news.texi b/doc/news.texi index 608613a..10a2aab 100644 --- a/doc/news.texi +++ b/doc/news.texi 
@@ -1,19 +1,100 @@ @node News -@cindex Releases -@cindex News @unnumbered News -@table @strong +See also this page @ref{Новости, on russian}. -@item Release 5.2 -@cindex Release 5.2 +@node Release 7.0 +@section Release 7.0 +@itemize +@item (X)Salsa20 is replaced with ChaCha20. Theoretically it should be +faster and more secure. +@end itemize + +@node Release 6.0 +@section Release 6.0 +@itemize +@item Argon2d is replaced with Balloon hashing. Found Argon2 libraries +written on pure Go have various problems. Moreover Argon2i should be +used instead, but it has some possible +@url{http://eprint.iacr.org/2016/027, cryptographic defects}. So it is +replaced with much more simpler (and seems even cryptographically +better) @url{https://crypto.stanford.edu/balloon/, Balloon hashing}. +@end itemize + +@node Release 5.10 +@section Release 5.10 +@itemize +@item @option{-version} option added, printing program version. +@end itemize + +@node Release 5.9 +@section Release 5.9 +@itemize +@item Client reconnects in the loop when connection is lost. Optionally +you can disable that behaviour: client will exit immediately, as it +previously did. +@end itemize + +@node Release 5.8 +@section Release 5.8 +@itemize +@item Optional ability to use syslog for logging, with +@url{https://tools.ietf.org/html/rfc5424, RFC 5424}-like +structured records. +@item XTEA algorithm is not used anymore for nonce obfuscation, but +BLAKE2b-MAC instead. Encryptionless mode now really does not depend on +encryption functions. +@end itemize + +@node Release 5.7 +@section Release 5.7 +@itemize +@item TAP interface name and remote peer's address are passed to up- and +down- scripts through environment variables. +@item Update Argon2 library to use version 1.3 of the algorithm. +@end itemize + +@node Release 5.6 +@section Release 5.6 +@itemize +@item Added up/down example script for replacing default route (thanks +to Zhuoyun Wei). +@item Fixed documentation bug: @file{.info} was not installing. 
+@end itemize + +@node Release 5.5 +@section Release 5.5 +@itemize +@item Ability to work on 32-bit platforms. @emph{sync/atomic} library +has some specific issues that caused panics on previous versions. +@end itemize + +@node Release 5.4 +@section Release 5.4 +@itemize +@item Added optional @ref{Timesync, time synchronization} requirement. +It will add timestamps in handshake PRP authentication, disallowing to +repeat captured packet and get reply from the server, making it visible +to DPI. +@end itemize + +@node Release 5.3 +@section Release 5.3 +@itemize +@item Fixed minor bug with @command{newclient.sh} that caught +"Passphrase:" prompt and inserted it into example YAML output. +Just replaced stdout output to stderr for that prompt. +@end itemize + +@node Release 5.2 +@section Release 5.2 @itemize @item Ability to read passphrases directly from the terminal (user's -input) without using of keyfiles. @code{storekey.sh} utility removed. +input) without using of keyfiles. @command{storekey.sh} utility removed. @end itemize -@item Release 5.1 -@cindex Release 5.1 +@node Release 5.1 +@section Release 5.1 @itemize @item Server is configured using @url{http://yaml.org/, YAML} file. It is very convenient to have comments and templates, comparing to JSON. @@ -21,8 +102,8 @@ is very convenient to have comments and templates, comparing to JSON. with @emph{BLAKE2b} in handshake code. @end itemize -@item Release 5.0 -@cindex Release 5.0 +@node Release 5.0 +@section Release 5.0 @itemize @item New optional @ref{Encless, encryptionless mode} of operation. Technically no encryption functions are applied for outgoing packets, so 
@@ -32,18 +113,18 @@ encryption usage. @item Simplified payload padding scheme, saving one byte of data. @item Ability to specify TAP interface name explicitly without any up-scripts for convenience. -@item @code{govpn-verifier} utility also can use @ref{EGD}. +@item @command{govpn-verifier} utility also can use @ref{EGD}. @end itemize -@item Release 4.2 -@cindex Release 4.2 +@node Release 4.2 +@section Release 4.2 @itemize @item Fixed non-critical bug when server may fail if up-script is not executed successfully. @end itemize -@item Release 4.1 -@cindex Release 4.1 +@node Release 4.1 +@section Release 4.1 @itemize @item @url{https://password-hashing.net/#argon2, Argon2d} is used instead of PBKDF2 for password verifier hashing. @@ -51,8 +132,8 @@ of PBKDF2 for password verifier hashing. server-side configuration and the code. @end itemize -@item Release 4.0 -@cindex Release 4.0 +@node Release 4.0 +@section Release 4.0 @itemize @item Handshake messages can be noised: their messages lengths are hidden. Now they are indistinguishable from transport messages. @@ -61,8 +142,8 @@ hidden. Now they are indistinguishable from transport messages. @item Single JSON file server configuration. @end itemize -@item Release 3.5 -@cindex Release 3.5 +@node Release 3.5 +@section Release 3.5 @itemize @item Ability to use @ref{Network, TCP} network transport. Server can listen on both UDP and TCP sockets. 
@@ -73,43 +154,39 @@ for accessing the server. Server can also emulate HTTP proxy behaviour. reasons. @end itemize -@item Release 3.4 -@cindex Release 3.4 +@node Release 3.4 +@section Release 3.4 @itemize @item Ability to use external @ref{EGD}-compatible PRNGs. Now you are -able to use GoVPN even on systems with the bad @code{/dev/random}, +able to use GoVPN even on systems with the bad @file{/dev/random}, providing higher quality entropy from external sources. -@item Removed @code{-noncediff} option. It is replaced with in-memory +@item Removed @option{-noncediff} option. It is replaced with in-memory storage of seen nonces, thus eliminating possible replay attacks at all without performance degradation related to inbound packets reordering. @end itemize -@item Release 3.3 -@cindex Release 3.3 +@node Release 3.3 +@section Release 3.3 @itemize @item Compatibility with an old GNU Make 3.x. Previously only BSD Make and GNU Make 4.x were supported. -@item /dev/urandom is used for correct client identity generation under -GNU/Linux systems. Previously /dev/random can produce less than required -128-bits of random. -@item Updated user manual examples. +@item @file{/dev/urandom} is used for correct client identity generation +under GNU/Linux systems. Previously @file{/dev/random} can produce less +than required 128-bits of random. @end itemize -@item Release 3.2 -@cindex Release 3.2 +@node Release 3.2 +@section Release 3.2 @itemize -@item -Deterministic building: dependent libraries source code commits are -fixed in our makefiles. -@item -No Internet connection is needed for building the source code: all +@item Deterministic building: dependent libraries source code commits +are fixed in our makefiles. +@item No Internet connection is needed for building the source code: all required libraries are included in release tarballs. -@item -FreeBSD Make compatibility. GNU Make is not necessary anymore. +@item FreeBSD Make compatibility. GNU Make is not necessary anymore. 
@end itemize -@item Release 3.1 -@cindex Release 3.1 +@node Release 3.1 +@section Release 3.1 @itemize @item Diffie-Hellman public keys are encoded with Elligator algorithm when @@ -119,8 +196,8 @@ passwords (that are used to create DSA public keys). But this will consume twice entropy for DH key generation in average. @end itemize -@item Release 3.0 -@cindex Release 3.0 +@node Release 3.0 +@section Release 3.0 @itemize @item EKE protocol is replaced by Augmented-EKE and static symmetric (both 
@@ -148,88 +225,80 @@ maximal MTU size. Ability to hide underlying packets appearance rate, by generating Constant Packet Rate traffic. This includes noise generation too. @item -Per-peer @code{-timeout}, @code{-noncediff}, @code{-noise} and -@code{-cpr} configuration options for server. +Per-peer @option{-timeout}, @option{-noncediff}, @option{-noise} and +@option{-cpr} configuration options for server. @end itemize -@item Release 2.4 -@cindex Release 2.4 +@node Release 2.4 +@section Release 2.4 @itemize -@item -Added ability to optionally run built-in HTTP-server responding with -JSON of all known connected peers information. Real-time client's +@item Added ability to optionally run built-in HTTP-server responding +with JSON of all known connected peers information. Real-time client's statistics. - -@item -Documentation is explicitly licenced under GNU FDL 1.3+. +@item Documentation is explicitly licenced under GNU FDL 1.3+. @end itemize -@item Release 2.3 -@cindex Release 2.3 +@node Release 2.3 +@section Release 2.3 @itemize -@item -Handshake packets became indistinguishable from the random. -Now all GoVPN's traffic is the noise for men in the middle. +@item Handshake packets became indistinguishable from the random. Now +all GoVPN's traffic is the noise for men in the middle. -@item -Handshake messages are smaller (16% traffic reduce). +@item Handshake messages are smaller (16% traffic reduce). -@item -Adversary now can not create malicious fake handshake packets that +@item Adversary now can not create malicious fake handshake packets that will force server to generate private DH key, preventing entropy consuming and resource heavy computations. @end itemize -@item Release 2.2 -@cindex Release 2.2 +@node Release 2.2 +@section Release 2.2 @itemize @item Fixed several possible channel deadlocks. @end itemize -@item Release 2.1 -@cindex Release 2.1 +@node Release 2.1 +@section Release 2.1 @itemize @item Fixed Linux-related building. 
@end itemize -@item Release 2.0 -@cindex Release 2.0 +@node Release 2.0 +@section Release 2.0 @itemize @item Added clients identification. @item Simultaneous several clients support by server. @item Per-client up/down scripts. @end itemize -@item Release 1.5 -@cindex Release 1.5 +@node Release 1.5 +@section Release 1.5 @itemize @item Nonce obfuscation/encryption. @end itemize -@item Release 1.4 -@cindex Release 1.4 +@node Release 1.4 +@section Release 1.4 @itemize @item Performance optimizations. @end itemize -@item Release 1.3 -@cindex Release 1.3 +@node Release 1.3 +@section Release 1.3 @itemize @item Heartbeat feature. @item Rehandshake feature. -@item up- and down- optinal scripts. +@item up- and down- optional scripts. @end itemize -@item Release 1.1 -@cindex Release 1.1 +@node Release 1.1 +@section Release 1.1 @itemize @item FreeBSD support. @end itemize -@item Release 1.0 -@cindex Release 1.0 +@node Release 1.0 +@section Release 1.0 @itemize @item Initial stable release. @end itemize - -@end table
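Review bot: in the first hunk (@@ -1,19 +1,100 @@) the `@cindex Releases` and `@cindex News` entries, and every per-release `@cindex Release N.N` that the later hunks also drop, are removed without replacement, so the concept index no longer points at the news section or at any release; if the index is still wanted, keep one `@cindex` per new `@node Release N.N`. The English in the newly added entries also needs a pass before this ships: `@ref{Новости, on russian}` should read `in Russian`; "Found Argon2 libraries written on pure Go have various problems" should be "The Argon2 libraries written in pure Go turned out to have various problems"; "much more simpler" is "much simpler"; and "(and seems even cryptographically better)" is an unsupported claim that should either cite the Balloon paper's argument or be dropped. For Release 7.0, "Theoretically it should be faster and more secure" says nothing a reader can check; state what motivated the ChaCha20 switch (for example the security margin or the availability of a vetted implementation) or leave only the fact of the replacement.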
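Review bot: the Release 3.3 hunk (@@ -73,43 +154,39 @@) silently deletes the historical entry `-@item Updated user manual examples.` while the rest of the hunk is markup conversion only; if that removal is intentional it belongs in the commit message, otherwise the line should be restored, since a changelog should not lose items in a reformatting commit. In the same hunk, "Previously @file{/dev/random} can produce less than required 128-bits of random" should be "could produce fewer than the required 128 bits of randomness", and "eliminating possible replay attacks at all" reads better as "eliminating replay attacks entirely".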
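Review bot: the last hunk (@@ -148,88 +225,80 @@) correctly drops `-@end table` to match the `-@table @strong` removed in the first hunk, and fixes "optinal", but two lines it touches keep their grammar problems: "indistinguishable from the random" should be "indistinguishable from random data" and "16% traffic reduce" should be "16% traffic reduction". Since the hunk already rewrites those `@item` lines to join the bullet text, this is the place to fix them.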