It wasn't that much effort. Almost everything under /lib/ I had already written as part of tarsnap or kivaloo; I spent maybe 10 hours making minor tweaks and cleanups to that code (which will be useful when I next use the library code anyway) and somewhere around 40 hours figuring out the protocol and writing the spiped specific code.
Having a simple secure pipe tool will save me far more time than that, once you count things like wanting to programmatically set up encrypted pipes (for which spiped's command line and arbitrary key is much better than stunnel's configuration file and SSL certificates).
effectively it only really differs in connection setup
And connection setup is a big deal. That's where almost all the vulnerabilities happen. In SSL, you go through a complicated handshake before you can decide that the client you're talking to doesn't have the right keys; in spiped, you exchange 256-bit nonces, and then if the very next buffer you read doesn't have the right HMAC, the connection is dropped. Evil data never meets asymmetric crypto. If an attacker doesn't have the key, they can't force you to burn any significant amount of CPU time.
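The "cheap check before anything expensive" shape described in the comment above, as an added illustration that is not spiped's code and does not reproduce spiped's actual wire protocol: both sides exchange 256-bit nonces, and the first buffer read after that must carry a valid HMAC-SHA256 (keyed with the shared key, over both nonces and a role byte) or the connection is dropped. The message layout, the role byte, and the function names are assumptions made for this sketch; spiped's real protocol differs in detail.

```python
import hashlib
import hmac
import os

NONCE_LEN = 32  # 256-bit nonces, as in the comment above
TAG_LEN = 32    # HMAC-SHA256 output length


class HandshakeRejected(Exception):
    """Raised when the first authenticated buffer fails verification."""


def make_nonce():
    # Fresh random nonce per connection; cheap and needs no key.
    return os.urandom(NONCE_LEN)


def auth_tag(key, nonce_client, nonce_server, role):
    # Assumed layout: the tag binds both nonces and a role byte (b"C" or
    # b"S") so a tag cannot simply be reflected back at whoever produced it.
    msg = role + nonce_client + nonce_server
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_first_buffer(key, nonce_client, nonce_server, expected_role, buf):
    """Return True only if the very next buffer after the nonce exchange is a
    valid tag. A wrong length or a mismatch means the peer is dropped before
    any CPU-intensive (e.g. asymmetric) work is started."""
    if len(buf) != TAG_LEN:
        return False
    expected = auth_tag(key, nonce_client, nonce_server, expected_role)
    # Constant-time comparison so timing does not leak how much matched.
    return hmac.compare_digest(buf, expected)


def simulate_handshake(key_client, key_server):
    """Drive both sides of the assumed handshake in-process. Each side uses
    its own key; they agree only when the keys are identical."""
    nonce_client = make_nonce()
    nonce_server = make_nonce()
    # Client -> server: tag over the nonces, computed with the client's key.
    tag_from_client = auth_tag(key_client, nonce_client, nonce_server, b"C")
    if not verify_first_buffer(key_server, nonce_client, nonce_server, b"C", tag_from_client):
        raise HandshakeRejected("client tag invalid: dropped before expensive work")
    # Server -> client: its own tag, so the client also rejects a keyless server.
    tag_from_server = auth_tag(key_server, nonce_client, nonce_server, b"S")
    if not verify_first_buffer(key_client, nonce_client, nonce_server, b"S", tag_from_server):
        raise HandshakeRejected("server tag invalid: dropped before expensive work")
    # Only now would a real implementation proceed to anything costly.
    return True


def handshake_succeeds(key_client, key_server):
    try:
        return simulate_handshake(key_client, key_server)
    except HandshakeRejected:
        return False


if __name__ == "__main__":
    shared = os.urandom(32)  # constructed demo key
    print("same key:", handshake_succeeds(shared, shared))
    print("wrong key:", handshake_succeeds(shared, os.urandom(32)))
```

The point of the structure is the ordering: the only work done on behalf of an unauthenticated peer is one HMAC computation and one constant-time compare, both of which cost about the same whether the tag is right or wrong.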