Date: Fri, 22 Sep 2000 14:15:21 -0700 Subject: jojo releases 'cryptcat' twofish version of netcat To: BUGTRAQ@SECURITYFOCUS.COM We modified the very very useful tool called 'netcat' written by the L0pht and to provide encryption. We implemented twofish in both the Windows and linux versions of netcat. We call it cryptcat. What is cryptcat good for you ask? Well basically it lets you open an encrypted pipe, on any port, between two machines. Useful for transferring log files between machine sin a safe manner. cryptcat is easy to use in shell scripts. It's kinda a poor mans VPN. Not really safe for critical data, but it sure makes sniffing the netcat sessions harder :-) It is very small and light. Source code is included. Here's some more info: Also see our web site! http://www.farm9.com ==================================================================== cryptcat = netcat + encryption Cryptcat is the standard netcat enhanced with twofish encryption. Twofish is courtesy of counterpane, and cryptix. We started with the Java version of twofish from cryptix, converted it to C++ (don't ask why), and enhanced it by adding CBC mode and the ciphertext stealing technique from Applied Cryptography (pg. 196) How do you use it? Machine A: cryptcat -l -p 1234 < testfile Machine B: cryptcat <machine A IP> 1234 This is identical to the normal netcat options for doing exactly the same thing. However, in this case the data transferred is encrypted. Want the source? Windows version -- adapted from the Hobbit original by Weld Pond, very tricky! (and I thought adding twofish was tricky) Linux version -- why I like Linux... only had to change two lines of code to add encryption. Is it Really Secure? Not if you know the secret key, which is hardcoded to be "metallica" ====================================================================