Next: , Previous: , Up: Glossary  

Encryptionless mode

Some jurisdictions can force user to reveal his encryption keys. However they can not ask for authentication (signing) keys. So you are safe to use authentication algorithms, but not the encryption ones. Moreover some countries forbids usage of encryption (but again not the authentication).

GoVPN provides special encryptionless mode of operation. In this mode it replaces ChaCha20 function used for confidentiality with rather well-known Chaffing-and-Winnowing (CnW) technology. This is rather traffic and resource hungry algorithm, so we use it after All-Or-Nothing-Transformation (based on Optimal Asymmetric Encryption Padding) on the data. This is confidentiality preserving encoding.

AONT is just a keyless encoding of the data. CnW uses only authentication function. Handshake additionally uses Diffie-Hellman and signature algorithms. No encryption and steganography involved.

In this mode each outgoing packet became larger on 4128 bytes and noise is forcefully enabled. So this is resource hungry mode!

See govpn/cnw and govpn/aont packages for details of AONT and chaffing operations.