Tarsnap

Spiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses, so that one may connect to one address (e.g., a UNIX socket on localhost) and transparently have a connection established to another address (e.g., a UNIX socket on a different system). This is similar to 'ssh -L' functionality, but does not use SSH and requires a pre-shared symmetric key.

Spiped uses strong and well-understood cryptographic components: The initial key negotiation is performed using HMAC-SHA256 and an authenticated Diffie-Hellman key exchange over the standard 2048-bit "group 14"; following the completion of key negotiation, packets are transmitted encrypted with AES-256 in CTR mode and authenticated using HMAC-SHA256. The simplicity of the code — about 4000 lines of C code in total, of which under 1000 are specific to spiped (the rest is library code originating from kivaloo and Tarsnap) — makes it unlikely that spiped has any security vulnerabilities.

On the author's 2.5 GHz Intel Core 2 laptop, spiped operates at approximately 200 Mbps.

Download

The following versions of spiped are available:

Version	Release date	SHA256 hash
spiped 1.1.0	2011-09-10	b727b902310d217d56c07d503c4175c65387ff07c9cd50a24584903faf9f3dc3
spiped 1.0.0	2011-07-04	82df05533bf8d8580f57e6dbec7d7e2966eabd3ea7a0a0bb06f87000947969a3

Mailing list

The spiped secure pipe daemon is discussed on the spiped@tarsnap.com mailing list.