[LWN Logo]
[Timeline]
Date:         Fri, 22 Sep 2000 14:15:21 -0700
Subject:      jojo releases 'cryptcat' twofish version of netcat
To: BUGTRAQ@SECURITYFOCUS.COM

We modified the very very useful tool called 'netcat' written by the
L0pht and to provide encryption.

We implemented twofish in both the Windows and linux versions of netcat.

We call it cryptcat.

What is cryptcat good for you ask?  Well basically it lets you open an
encrypted pipe, on any port, between two machines.  Useful for
transferring log files between machine sin a safe manner.  cryptcat is
easy to use in shell scripts.

It's kinda a poor mans VPN.  Not really safe for critical data, but it
sure makes sniffing the netcat sessions harder :-)

It is very small and light.

Source code is included.

Here's some more info:

Also see our web site! http://www.farm9.com

====================================================================
cryptcat = netcat + encryption

Cryptcat is the standard netcat enhanced with twofish encryption.

Twofish is courtesy of counterpane, and cryptix. We started with the
Java version of twofish from cryptix, converted it to C++ (don't ask
why), and enhanced it by adding CBC mode and the ciphertext stealing
technique from Applied Cryptography (pg. 196)

How do you use it?
Machine A: cryptcat -l -p 1234 < testfile
Machine B: cryptcat <machine A IP> 1234
This is identical to the normal netcat options for doing exactly the
same thing. However, in this case the data transferred is encrypted.


Want the source?
Windows version -- adapted from the Hobbit original by Weld Pond, very
tricky! (and I thought adding twofish was tricky)

Linux version -- why I like Linux... only had to change two lines of
code to add encryption.

Is it Really Secure?
Not if you know the secret key, which is hardcoded to be "metallica"

====================================================================