Hello David,

Thanks for the time that you spent on explaining basic concepts to me.

> Sent: Friday, December 16, 2016 at 2:11 AM
> From: "David Sommerseth" <open...@sf.lists.topphemmelig.net>
> To: "Sebastian Rubenstein" <asdf123...@gmx.com>,
> openvpn-users@lists.sourceforge.net
> Subject: Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider
> using weak or strong encryption algorithms?
>
> But --tls-auth makes it far harder to inject packets, as
> both client and server will just throw away packets with an unexpected
> HMAC signature. However, commercial public VPN providers will need to
> provide the same key to all its users, so if the packet injection comes
> from a user who managed to get a copy of that --tls-auth key, the
> protection isn't effective any more.

Thanks David for highlighting the above. When you wrote --tls-auth key, you were referring to the server-side --tls-auth key, which is owned and kept by the VPN provider, yes?

> So if the VPN provider uses a proper community based version and not
> their own AES-GCM implementation, this should work quite fine out of the
> box with v2.4.

My VPN provider has its own AES-GCM implementation and has even offered me the source code to check for security risks. As I am no expert in OpenVPN technologies and cryptography, I declined to use their software.

Regards.

Sebastian
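
An added illustration, not part of the original message and not OpenVPN's code: a simplified model of the HMAC gate described in the quoted reply, showing that packets without a valid tag are dropped while every holder of the one shared key passes equally. The function names, the SHA-256 choice, the tag-then-payload layout and the sample packets are all assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# Simplified model of an HMAC pre-authentication gate in the style of
# --tls-auth. This is NOT OpenVPN's wire format: the real control channel
# also carries packet IDs and timestamps for replay protection.
TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag (digest choice is an assumption)


def wrap(static_key: bytes, payload: bytes) -> bytes:
    """Sender side: prepend HMAC(static_key, payload) to the payload."""
    return hmac.new(static_key, payload, hashlib.sha256).digest() + payload


def gate(static_key: bytes, packet: bytes):
    """Receiver side: return the payload if the tag verifies, else None (drop)."""
    if len(packet) < TAG_LEN:
        return None
    tag, payload = packet[:TAG_LEN], packet[TAG_LEN:]
    expected = hmac.new(static_key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None


def classify(server_key: bytes, packets: dict) -> dict:
    """Map each labelled packet to 'passed' or 'dropped' at the gate."""
    return {name: "passed" if gate(server_key, p) is not None else "dropped"
            for name, p in packets.items()}


# Constructed sample data: one static key the provider hands to every customer.
PROVIDER_KEY = os.urandom(32)
HELLO = b"constructed control-channel payload"
tampered = bytearray(wrap(PROVIDER_KEY, HELLO))
tampered[-1] ^= 0x01  # single bit flipped in transit

SAMPLES = {
    "customer_a": wrap(PROVIDER_KEY, HELLO),
    "customer_b_same_key": wrap(PROVIDER_KEY, b"payload from another key holder"),
    "outsider_wrong_key": wrap(os.urandom(32), HELLO),
    "no_tag": HELLO[:8],  # shorter than a tag, dropped on length alone
    "tampered": bytes(tampered),
}

if __name__ == "__main__":
    for name, verdict in classify(PROVIDER_KEY, SAMPLES).items():
        print(f"{name:22s} {verdict}")
```

The gate cannot tell `customer_a` from `customer_b_same_key`: the tag proves possession of the shared key, not the identity of the sender, so per-user authentication still has to come from the TLS layer behind it.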