[spekcular]

Since that explanation is somewhat terse, and I don't know anything about security, let me ask a few questions.

Am I right that the failure mode spiped protects against is someone finding an exploit that allows them to bypass ssh logins that are set to (for example) public key authentication? So if one is not worried about this, there is no point?

Further, am I correct that what spiped does in this scenario is add a second layer of encryption, so that one must first bypass spiped in order to attempt an exploit against the ssh daemon? Then, in effect, spiped acts as a small, isolated, and auditable "condom" that can be used with any public-facing service?

[marcosdumay]

What I read from that paragraph is "Spipe will block unknown computers from accessing your server's SSH (like a firewall). This provides an extra layer of security (equivalent to such a firewall) in case somebody finds a flaw on ssh."

I didn't dig into it enough to be sure, but it looks to me that spipe uses the same encryption as ssh. So, it won't protect you against crypto attacks, just restrict what computers those may come from.

For any other kind of service, spipe will tunnel it under a layer of encryption. Quite like you can do with bare ssh, but spipe is built for it and thus is more usable on that task.

[spekcular]

If I'm reading correctly, spiped uses Diffie–Hellman for public key cryptography, while contemporary best practices suggest using elliptic curve crypto with shh (e.g. see [0]). So, for the truly paranoid, it might also provide some protection against crypto attacks too?

Note that the NSA can break 1028-bit DH [1], but spiped uses 2048-bit.

[0] https://docs.github.com/en/authentication/connecting-to-gith... [1] https://blog.securegroup.com/did-the-nsa-really-break-diffie...

[discardedrefuse]

I am also not a security expert. But you seem to be correct in both cases. The spiped website also has an example of encrypting SMTP traffic between two servers in an spiped condom.

https://www.tarsnap.com/spiped.html