Hi,
On 16/12/16 13:27, Sebastian Rubenstein wrote: > Can I take your above statement into consideration when I shop for a commercial VPN provider? For example, before I buy a subscription plan, I will ask if they use tls-auth ta.key. If they do, it means they trust their customers, yes? Not really - it means they use tls-auth to protect their servers against DDoS attacks. I'd not trust the tls-auth key file provided by a large VPN provider at all, as almost *anybody* will have access to that file. On 16/12/16 13:31, Sebastian Rubenstein wrote: > AES-GCM has a shorter authentication tag (128 bits) than HMAC-SHA256 > (256 bits). Also, AES-GCM doesn't need a unpredictable IV but rather > just a unique-per-key nonce, which mean we can transfer 8 less bytes > per packet for the IV. This saves us a total of 24 bytes per packet > overhead compared to cipher AES-256-CBC + auth SHA256. Furthermore, > AES-GCM can maximallu leverage the AES-NI hardware acceleration > available in modern Intel CPUs, which will result is *much* faster > crypto. > in terms of cryptographic strength, AES-256-GCM is comparable to HMAC-SHA256? > > AES-256-GCM is an alternative for AES-256 + SHA2 and is , as Steffan wrote, much faster due to a very nicely optimized implementation in the underlying OpenSSL libs. Most https:// connections nowadays are based on AES-256-GCM so they can be considered trusted+secure. HTH, JJK ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
