MeshCentral2 - Improved Crypto & ClickOnce

Today, MeshCentral2 is going Beta2 with many more improvements, new features and improved stability. MeshCentral2 is a lightweight open source remote computer management web site. Marking this version as Beta2 breaks compatibility with Beta1, so everyone will need to create new user accounts, create new meshes and re-install MeshAgents. The compatibility break is going to be annoying for existing users, but was necessary to move MeshCentral2 to the latest cryptographic algorithms. With improvements in both general computing and possibly quantum computers in the years to come, it’s important that any product that will be used in the long term uses strong cryptography.

Starting with MeshCentral2 Beta2, all hashing is done using SHA384 instead of SHA256. This means that node identifiers, certificate signatures, binary update hashes, password hashing and more all use the new longer and stronger hashing function. This has a wide-ranging impact on MeshCentral2: pretty much everything in the database is now different, so it’s best to make a clean break. In addition to hashing, certificates created by MeshCentral2 now use RSA3072 instead of RSA2048. You will notice a longer time starting the server and agent for the first time, as these new stronger certificates take much longer to create. Lastly, browser cookies are now encrypted and integrity checked using AES256-GCM instead of AES128-CBC/HMAC-SHA256. Long term, these updates make today’s MeshCentral2 likely more resistant against computers of the future.
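To illustrate the cookie change, here is an added Node.js example (not MeshCentral2's own code) that seals a cookie with AES-256-GCM and rejects any value whose ciphertext, tag or key does not match. The function names, the `iv || tag || ciphertext` layout and the hex encoding are assumptions made for this sketch.

```javascript
// Added example, not MeshCentral2 source: AES-256-GCM gives encryption and
// integrity in one pass, replacing a separate AES-CBC + HMAC construction.
const crypto = require('crypto');

// Constructed demo key; a real server generates one 32-byte key and keeps it secret.
const demoKey = crypto.randomBytes(32);

// Seal a JSON-serialisable object as hex(iv || tag || ciphertext).
function encodeCookie(obj, key) {
  const iv = crypto.randomBytes(12); // 96-bit nonce, must never repeat under one key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  const ct = Buffer.concat([cipher.update(JSON.stringify(obj), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('hex');
}

// Open a sealed cookie; returns null if it is malformed, modified or sealed with another key.
function decodeCookie(value, key) {
  try {
    const raw = Buffer.from(value, 'hex');
    if (raw.length < 28) return null; // needs at least 12-byte IV + 16-byte tag
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12), { authTagLength: 16 });
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (e) {
    return null; // final() throws when the authentication tag does not verify
  }
}

// Flip one bit of the ciphertext, as a client editing its own cookie would.
function tamper(value) {
  const raw = Buffer.from(value, 'hex');
  raw[raw.length - 1] ^= 0x01;
  return raw.toString('hex');
}

const sealedDemo = encodeCookie({ user: 'constructed-user', t: 1 }, demoKey);
console.log('valid   :', decodeCookie(sealedDemo, demoKey));
console.log('tampered:', decodeCookie(tamper(sealedDemo), demoKey));
```

Because the tag covers the whole ciphertext, a single flipped bit makes the cookie unusable rather than yielding altered plaintext.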

Also this week, MeshCentral2 now has Microsoft ClickOnce support for RDP, PuTTY and WinSCP. Using this new feature, you can, in the right situation, launch a native application on your computer and connect to another computer over the Internet. MeshCentral2 relays all the traffic, even through routers and proxies. For example, when you click on the new “RDP” link on the web site, a ClickOnce routing application is installed and launched. That routing application acts as a relay between the RDP client and MeshCentral2, which then relays the traffic to the right agent. Take a look at the new YouTube demonstration video on this topic.

Many thanks to Bryan Roe, who has been working like crazy on the MeshAgent2 this week; the changes are impressive and significant. MeshCentral2 is still in beta and should not be used in production environments.


Microsoft ClickOnce demonstration:


