-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 28/01/14 10:16, j.witvl...@mindef.nl wrote: > Hi all,
Hi, I dare to answer this, even though I'm no cryptologist. For those who see I'm wrong, please correct me! But I don't think I'm that far from reality. > Once in a while it is handy to review all you’ve been doing and > wonder if what you do it is still wise, or you are just giving > yourself a false sense of security. > > One of the things that kept me awake was the > diffie-hellman-parameter. > > I (like probably a lot of people around here) just used the info > from the man-pages or how2 to get a properly working openvpn and I > took a precaution to use a longer DH (2K in stead of the default > 1K). > > But I noticed that my co-workers are still using the same DH I > made several years ago. > > So I wonder > > a) What kind of length is supposed to be safe (presume 2K is > still good and fast enough to generate) > > b) Should one use different DH’s for each vpn-process > > c) How often should one re-new the DH? (never, yearly, > monthly, weekly, at boot-time, at process-start-up? > > Is it wise to tighten up, or am I victim of snowdon-paranoia J > > And before mentioning it, I did read: > > http://security.stackexchange.com/questions/42415/openvpn-dhparam > > http://security.stackexchange.com/questions/38206/can-someone-explain-a-little-better-what-exactly-is-accomplished-by-generation-o/38207#38207 The > answers by tylerl, is pretty much exact, how I understand this topic. And there really isn't much secrecy regarding the DH params. It is basically just prime numbers, not any direct keying material. > http://security.stackexchange.com/questions/38206/can-someone-explain-a-little-better-what-exactly-is-accomplished-by-generation-o/38252#38252 Thomas > Pornin seems to just confirm tylerl here, as well. It makes sense to me, what he says. IIRC, the only important thing here is the length of the DH parameters. To be able to get a certain length of the temporary keys, which the DH key exchange is all about, you need a certain length of the DH parameters. Otherwise, it gets easier to crack the temporary key. Generally, I'd say 2048 should in most cases be more than fine enough. You might want to consider 4096 if you are paranoid. And if you have plenty of spare CPU cycles, you can always generate higher ones. But I'd say that's more waste of energy than enhancing the encryption. You may decide to replace your DH parameters every now and then, but I doubt it's really a need to do so too frequently or to even schedule it regularly. I don't recall the SSL/TLS wire protocol now, but IIRC, the DH parameteres passes in clear text over the wire during the key exchange. What is going to be far more interesting in the (nearer) future, is the Elliptic Curve (EC) cryptography. There are some work to adopt OpenVPN to support it, OpenSSL and PolarSSL have added support to it too. But the tricky part with EC, is that the cryptographic safety is depending on the curve algorithm used. The EC implementations are more like a framework, but both OpenSSL and PolarSSL ships with pre-implemented curves (and they will probably add more in the future too) so you don't have to configure all that magic yourself - as doing it wrong will result in really poor keys. But having all this said. The key importance for all crypto is to have proper random data. If you don't have any good RNGs in hardware, you do need some entropy gathering process which can help seeding the RNGs. And this means that you really shouldn't create any keys on embedded devices, as their entropy sources for the RNGs are poor. Also be careful when creating keys in virtualized environments, some environments provides poor entropy to the the virtualized hosts as well. - -- kind regards, David Sommerseth -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlLnm+YACgkQDC186MBRfrr5CgCgrqEKt57z6xj1TcIlaJFt+8T6 ilMAn19rGNEOoohT7VygUOhbdniH71qU =vWtb -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ WatchGuard Dimension instantly turns raw network data into actionable security intelligence. It gives you real-time visual feedback on key security issues and trends. Skip the complicated setup - simply import a virtual appliance and go from zero to informed in seconds. http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
