[AG-TECH] vic and rat encryption

[Thomas D. Uram]

I would recommend using as much of existing solutions as possible:

- Restrict access to the venue by identity using the mechanism built into the
AG software.  This will prevent unwanted AG users from entering the venue.

- Enable encryption on the venue, so AG users get the key and it is used by 
their media
tools.  The encryption key can be set in Venue Management so it is DES instead 
of Rijndael,
simply by leaving off the 'Rijndael/' prefix.  This will prevent AG users from 
having to enter
the key into vic and rat manually.

You can then hand the encryption key to insors users via email or somesuch so they
can apply it manually.

Tom Uram


On 3/29/06 10:28 AM, Jeremy Mann wrote:
> Derek Piper said:
>> 	You may be better off using Rjindael encryption, which is normally used
>> on AG Venues when setting the 'encryption' option in the venue server
>> config.
>> 	A Rjindael key is passed to VIC and RAT as 'Rjindael/passphrase' where
>> passphrase should be something random and unguessable, and distributed
>> to those needing the key to enter manually. There's a program for Debian
>> called 'pwgen' that I've used to generate a passphrase before. For
>> manually entering the key, you would probably just disable the venue
>> encryption and manually key it in. For a DES key, just use a passphrase
>> that doesn't start with a string 'Rjindael/'.
>> 	Of course you can also use certificates to secure a venue too, so not
>> just anyone can enter and obtain the encryption key.
> 
> The certificate security can not be done because half the participants are
> inSORS nodes. I'll try out this pwgen and test it out. Thanks!
> 
>