Hi Kevin On 14.12.2016 07.54, Kevin Long wrote: > Assuming an adversary has full access to intercept your network traffic, > and virtually limitless computing power, What would you do to make the > best OpenVPN setup? --snip-- > 1. Use easy-rsa3 or equivalent openssl commands to generate your > keys/certificates using elliptic curve (instead of RSA).
Keep in mind that if you don't generate each private key file on the device it will be used, you need a secure channel to move it to the target device. I suppose you are aware since the subject is specifically "cryptographic security", but as easy-rsa provides convenient commands like build-client-full it is easy to miss. Cryptography is just one layer - a very important one, but there are many other ways to break security. > -Kevin /Magnus ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
