From e51337ee8f51090dd9536442c5baf963ba116c33 Mon Sep 17 00:00:00 2001 From: Arceliar Date: Sun, 11 Mar 2018 16:51:45 -0500 Subject: [PATCH] Update about.md Add more links. --- about.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/about.md b/about.md index f6b91d6..ecffa34 100644 --- a/about.md +++ b/about.md @@ -1,6 +1,6 @@ # About -Yggdrasil is an encrypted IPv6 network running in the `fd00::/8` address range. +Yggdrasil is an encrypted IPv6 network running in the [`fd00::/8` address range](https://en.wikipedia.org/wiki/Unique_local_address). It is an experimental/toy network, so failure is acceptable, as long as it's instructive to see how it breaks if/when everything falls apart. IP addresses are derived from cryptographic keys, to reduce the need for public key infrastructure. @@ -26,18 +26,18 @@ An address is assigned from the `fd00::/8` prefix, according to the following: The first bit of the second byte is used to flag if an address is for a router (`fd00::/9`), or part of an advertised prefix (`fd80::/9`), where each router owns a `/64` prefix with the 9th bit of the address set to 1. This allows the prefix to be advertised to the router's LAN, so unsupported devices can still connect to the network (e.g. network printers). -The NodeID is a sha512sum of a node's public encryption key. +The NodeID is a [sha512sum](https://en.wikipedia.org/wiki/SHA-512) of a node's public encryption key. Addresses are checked that they match NodeID, to prevent address spoofing. As such, while a 128 bit IPv6 address is likely too short to be considered secure by cryptographer standards, there is a significant cost in attempting to cause an address collision. Addresses can be made more secure by brute force generating a large number of leading `1` bits in the NodeID. ### Cryptography -Public key encryption is done using the `golang.org/x/crypto/nacl/box`, which uses Curve25519, XSalsa20, and Poly1305 for key exchange, encryption, and authentication. +Public key encryption is done using the `golang.org/x/crypto/nacl/box`, which uses [Curve25519](https://en.wikipedia.org/wiki/Curve25519), [XSalsa20](https://en.wikipedia.org/wiki/Salsa20), and [Poly1305](https://en.wikipedia.org/wiki/Poly1305) for key exchange, encryption, and authentication (interoperable with [NaCl](https://en.wikipedia.org/wiki/NaCl_(software))). Permanent keys are used only for protocol traffic, with random nonces generated on a per-packet basis using `crypto/rand` from Go's standard library. -Ephemeral session keys are generated for encapsulated IPv6 traffic, using the same set of primitives, with random initial nonces that are subsequently incremented. +Ephemeral session keys (for [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy)) are generated for encapsulated IPv6 traffic, using the same set of primitives, with random initial nonces that are subsequently incremented. A list of recently received session nonces is kept (as a bitmask) and checked to reject duplicated packets, in an effort to block duplicate packets and replay attacks. -A separate set of keys are generated and used for signing with Ed25519, which is used by the routing layer to secure construction of a spanning tree. +A separate set of keys are generated and used for signing with [Ed25519](https://en.wikipedia.org/wiki/Ed25519), which is used by the routing layer to secure construction of a spanning tree. ## Locators and Routing @@ -50,7 +50,7 @@ In particular, nodes try to maximize: ` /