Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

2016-12-25 Thread Gert Doering
Hi, On Fri, Dec 16, 2016 at 04:53:34PM +0100, Sebastian Rubenstein wrote: > OpenVPN should thank you for extolling and evangelizing the benefits of > upgrading to 2.4 :) Since Jan-Just is "part of OpenVPN", he's in this with the rest of us :-) gert -- USENET is *not* the non-clickable part of

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

2016-12-16 Thread Jan Just Keijser
>> Subject: Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider >> using weak or strong encryption algorithms? > Hello Jan, thanks for your reply. > > I have learnt something new from you. I was under the impression that > tls-auth is used to protect customer

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

2016-12-16 Thread Jan Just Keijser
Hi, On 16/12/16 13:27, Sebastian Rubenstein wrote: > Can I take your above statement into consideration when I shop for a commercial VPN provider? For example, before I buy a subscription plan, I will ask if they use tls-auth ta.key. If they do, it means they trust their customers, yes? Not

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

2016-12-16 Thread Sebastian Rubenstein
pn-users@lists.sourceforge.net > Subject: Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider > using weak or strong encryption algorithms? > > But --tls-auth makes it far harder to inject packets, as > both client and server will just throw away packets with an u

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

2016-12-16 Thread Sebastian Rubenstein
Thanks Steffan for your explanation but > Sent: Friday, December 16, 2016 at 6:05 AM > From: "Steffan Karger" <stef...@karger.me> > To: "openvpn-users@lists.sourceforge.net" > <openvpn-users@lists.sourceforge.net> > Subject: Re: [Openvpn-user

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

2016-12-15 Thread Steffan Karger
Hi, On 15 December 2016 at 19:11, David Sommerseth wrote: > On 15/12/16 16:35, Sebastian Rubenstein wrote: >> Could you explain in greater detail your statement "use AES-256-GCM >> for more efficiency on the data channel"? > > I'll leave this to Steffan (or

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

2016-12-15 Thread David Sommerseth
On 15/12/16 16:35, Sebastian Rubenstein wrote: > Hi Steffan > > Thanks for taking the time to explain to me the salient features of > a good encryption/decryption VPN. > >>> tls-client >> >> This means you're using TLS for forward secrecy, and are refreshing you >> data channel keys (at least)

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

2016-12-15 Thread David Sommerseth
On 15/12/16 16:08, Sebastian Rubenstein wrote: > Hi Jan, > > Thanks for your tip. > >> You can check the cipher strength of the CA certificate by >> writing the CA blob >> >> >> -BEGIN CERTIFICATE- >> >> Large chunks of alphanumeric text >> >> -END CERTIFICATE- >> >> >> to a

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

2016-12-15 Thread Sebastian Rubenstein
Hi Steffan Thanks for taking the time to explain to me the salient features of a good encryption/decryption VPN. > > tls-client > > This means you're using TLS for forward secrecy, and are refreshing you > data channel keys (at least) hourly. That's good. Is "forward secrecy" the same as

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

2016-12-15 Thread Sebastian Rubenstein
Hi Jan, Thanks for your tip. > You can check the cipher strength of the CA certificate by > writing the CA blob > > > -BEGIN CERTIFICATE- > > Large chunks of alphanumeric text > > -END CERTIFICATE- > > > to a file and then run >openssl x509 -text -noout -in cert.pem |

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

2016-12-15 Thread Jan Just Keijser
Hi, I fully agree with Steffan. An extra check you can throw in is to check the client and server side certificates, as well as the CA certificate. The server certificate may be signed using RSA4096 but if other certificates in the chain are weaker then this offers little protection. You can

Re: [Openvpn-users] Experts' opinions needed: Is my VPN provider using weak or strong encryption algorithms?

2016-12-14 Thread Steffan Karger
Hi, On 14-12-16 17:31, Sebastian Rubenstein wrote: > I hope that some experts here will be able to tell me if my VPN provider uses > weak encryption standards with regards to encryption/decryption of control > channel authentication and data channel? Thanks. > > Below is a sample of a redacted