Hi, if I got it right, OpenVPN uses the following cipher suite if no other suite is given via the cipher directive: DHE_RSA_BF_CBC_SHA

So RSA is used for authentication, Blowfish in CBC mode for symmetric encryption. The keys for Blowfish are derived from ephemeral Diffie-Hellman and changed every hour. The company I'm working for uses 1024 bit keys for RSA and therefore a modulus of 1024 bit for Diffie-Hellman (since build-dh from the Easy-RSA scripts uses KEY_SIZE when the Diffie-Hellman parameters are created). We use a self-signed CA.

Now I recommended that they update the key size to 2048 bit, mainly because some sources say 1024 bit isn't enough anymore. Because quite a lot of our people use OpenVPN, they asked me if it is possible to not update all keys at once, but only issue user certs with 2048 bit from now on (and leave the old ones in place). They want to update the old ones later. So the process would be:

a) Change KEY_SIZE from 1024 to 2048 bit.
b) Create new Diffie-Hellman params (this creates a file with the params for a 2048 bit modulus).
c) Update the OpenVPN server config with the path of the new Diffie-Hellman param file.

I. Is that right so far?

Now here are my concerns and why _I_ think that is a bad idea: If I do it like that, new users would get 2048 bit keys/certs as requested by the company. But these certs will still be signed by our self-signed CA, which still uses the 1024 bit key/cert. Given that an attacker has enough computing resources, he could factorize "n" (from the public key in the CA cert) to get "p" and "q". With that he would have the private key and would therefore have a copy of our CA's cert and private key. So he could launch man-in-the-middle attacks by creating his own server cert, signed with the private key of the CA. That would mean: Authentication via RSA is leveraged.

II. Am I right, or is that rubbish?

To complicate things a bit more, here is a third question: We use the tls-auth directive.

III. Would an attacker be able to get our CA cert via the internet at all, if he doesn't have this key?
I couldn't find any document which explains where exactly the HMAC is used in the TLS handshake. The original protocol doesn't seem to reserve a field for another HMAC?!

Thanks a lot, you brilliant people!

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
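As an added example (not part of the original post, nor OpenVPN's or Easy-RSA's own tooling), here is a POSIX shell audit that reports the effective strength of such a mixed PKI, namely the weakest of the CA key, the server key, the DH parameters and every client cert, so a 1024 bit CA under 2048 bit leaf certs shows up as 1024. It requires the openssl CLI; the Easy-RSA file names in the usage line are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: audit an OpenVPN PKI and report
# its effective strength, the weakest of CA key, server key, DH parameters and
# every client cert (a 2048 bit client cert signed by a 1024 bit CA is still
# only as strong as that CA). Assumes the openssl CLI; paths follow Easy-RSA.

# RSA modulus size in bits of a PEM certificate (OpenSSL 1.1 and 3 output).
cert_bits() {
    openssl x509 -in "$1" -noout -text \
        | sed -n 's/^.*Public-Key: (\([0-9]*\) bit).*$/\1/p' | head -n 1
}

# Modulus size in bits of a PEM Diffie-Hellman parameter file.
dh_bits() {
    openssl dhparam -in "$1" -noout -text \
        | sed -n 's/^.*DH Parameters: (\([0-9]*\) bit).*$/\1/p' | head -n 1
}

# Smallest of the bit sizes given as arguments (pure shell, no openssl).
weakest() {
    min=""
    for b in "$@"; do
        if [ -z "$min" ] || [ "$b" -lt "$min" ]; then min=$b; fi
    done
    echo "$min"
}

# Effective strength of the whole PKI: ca.crt server.crt dh.pem [client.crt ...]
pki_effective_bits() {
    ca=$1; server=$2; dh=$3; shift 3
    sizes="$(cert_bits "$ca") $(cert_bits "$server") $(dh_bits "$dh")"
    for client in "$@"; do
        sizes="$sizes $(cert_bits "$client")"
    done
    weakest $sizes
}

# Exit status 0 when every component is at least MIN_BITS (default 2048),
# otherwise print the weakest size and return 1. Same arguments as above.
pki_check() {
    bits=$(pki_effective_bits "$@")
    if [ "$bits" -lt "${MIN_BITS:-2048}" ]; then
        echo "WEAK: effective strength is $bits bit (minimum ${MIN_BITS:-2048})" >&2
        return 1
    fi
    echo "OK: effective strength is $bits bit"
}
# Example invocation with Easy-RSA default paths (assumed):
# pki_check keys/ca.crt keys/server.crt keys/dh2048.pem keys/*.crt
```

Run it against the keys directory after step c) above; as long as the CA line reports 1024 bit, the new 2048 bit user certs do not raise the chain's strength.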