X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=web%2Fmanual.m4;h=73eafbb4fa4be257ef7301d4dd5a51198dc14ed7;hp=41ab53cd91100f6aeeaf804bd22a565fc7d36bcc;hb=b0d2b25210ac347ab95dfa176d133f6629f0b123;hpb=4228c805d59dcc41aa324c646b2688e29d82a354 diff --git a/web/manual.m4 b/web/manual.m4 index 41ab53cd..73eafbb4 100644 --- a/web/manual.m4 +++ b/web/manual.m4 @@ -112,7 +112,7 @@ can be used by any scripting language to produce user interfaces with little programming effort. All connections between para_server and para_client are encrypted -with a symmetric RC4 session key. For each user of paraslash you must +with a symmetric session key. For each user of paraslash you must create a public/secret RSA key pair for authentication. If para_client is started without non-option arguments, an interactive @@ -209,7 +209,8 @@ For the impatient: sudo apt-get install autoconf libssl-dev help2man gengetopt \ libmad0-dev libid3tag0-dev libasound2-dev libvorbis-dev \ libfaad-dev libspeex-dev libFLAC-dev libsamplerate-dev \ - libasound2-dev libao-dev libreadline-dev libncurses-dev + libasound2-dev libao-dev libreadline-dev libncurses-dev \ + libopus-dev Detailed description: In any case you'll need @@ -505,9 +506,9 @@ User management para_server uses a challenge-response mechanism to authenticate requests from incoming connections, similar to ssh's public key authentication method. Authenticated connections are encrypted using -the RC4 stream cipher. +a stream cipher, either RC4 or AES in integer counter mode. -In this chapter we briefly describe RSA and RC4 and sketch the +In this chapter we briefly describe RSA, RC4 and AES, and sketch the REFERENCE(Client-server authentication, authentication handshake) between para_client and para_server. User management is discussed in the section on REFERENCE(The user_list file, the user_list file). @@ -517,8 +518,8 @@ in a REFERENCE(Connecting para_audiod, separate section). -RSA and RC4 -~~~~~~~~~~~ +RSA, RC4, AES +~~~~~~~~~~~~~ RSA is an asymmetric block cipher which is used in many applications, including ssh and gpg. An RSA key consists in fact of two keys, @@ -537,6 +538,15 @@ strong encryption by today's standards. Since the same key must never be used twice, a different, randomly-generated key is used for every new connection. +AES, the advanced encryption standard, is a well-known symmetric block +cipher, i.e. a transformation operating on fixed-length blocks which +is determined by a single key for both encryption and decryption. Any +block cipher can be turned into a stream cipher by generating +a pseudo-random key stream by encrypting successive values of a +counter. The AES_CTR128 stream cipher used in paraslash is obtained +in this way from the AES block cipher with a 128 bit block size. + + Client-server authentication ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -557,7 +567,7 @@ as follows: fixed-length buffer with random bytes, encrypts that buffer using the public key and sends the encrypted buffer to the client. The first part of the buffer is the challenge which - is used for authentication while the second part is the RC4 + is used for authentication while the second part is the session key. - para_client receives the encrypted buffer and decrypts it @@ -574,12 +584,12 @@ as follows: - Otherwise the user is considered authenticated and the client is allowed to proceed by sending a command to be executed. From - this point on the communication is encrypted using the RC4 - stream cipher with the session key known to both peers. + this point on the communication is encrypted using the stream + cipher with the session key known to both peers. paraslash relies on the quality of the pseudo-random bytes provided by the crypto library (openssl or libgcrypt), on the security of -the implementation of the RSA and RC4 crypto routines and on the +the implementation of the RSA, RC4 and AES crypto routines and on the infeasibility to invert the SHA1 function. Neither para_server or para_client create RSA keys on their own. This @@ -1144,7 +1154,17 @@ Excited Linear Prediction) coding. It is designed for voice over IP applications, has modest complexity and a small memory footprint. Wideband and narrowband (telephone quality) speech are supported. As for Vorbis audio, Speex bit-streams are often stored -in OGG files. +in OGG files. As of 2012 this codec is considered obsolete since the +Oppus codec, described below, surpasses its performance in all areas. + +*OGG/Opus* + +Opus is a lossy audio compression format standardized through RFC +6716 in 2012. It combines the speech-oriented SILK codec and the +low-latency CELT (Constrained Energy Lapped Transform) codec. Like +OGG/Vorbis and OGG/Speex, Opus data is usually encapsulated in OGG +containers. All known software patents which cover Opus are licensed +under royalty-free terms. *AAC* @@ -1226,10 +1246,9 @@ chunk table and reads the meta data. The audio format handler code is linked into para_server and executed via the _add_ command. The same code is also available as a stand-alone -tool, para_afh, which can be used to print the technical data, the -chunk table and the meta data of a file. Furthermore, one can use -para_afh to cut an audio file, i.e. to select some of its chunks to -produce a new file containing only these chunks. +tool, para_afh, which prints the technical data, the chunk table +and the meta data of a file. Moreover, all audio format handlers are +combined in the afh receiver which is part of para_recv and para_play. ---------- Networking @@ -2190,6 +2209,8 @@ RFCs Congestion Control ID 2: TCP-like Congestion Control - XREFERENCE(http://www.ietf.org/rfc/rfc4342.txt, RFC 4342) (2006): Congestion Control ID 3: TCP-Friendly Rate Control (TFRC) + - XREFERENCE(http://www.ietf.org/rfc/rfc6716.txt, RFC 6716) (2012): + Definition of the Opus Audio Codec Application web pages ~~~~~~~~~~~~~~~~~~~~~