On 15.12.2016 20.45, David Sommerseth wrote:
> If you have a shabby random number generator and no entropy gathering
> configured,
> those keys can be fairly poor. This goes in particular for embedded devices,
> but also in
> some cases also includes virtual machines (depends on if the
On 15/12/16 20:05, Magnus Kroken wrote:
> Hi Kevin
>
> On 14.12.2016 07.54, Kevin Long wrote:
>> Assuming an adversary has full access to intercept your network traffic,
>> and virtually limitless computing power, What would you do to make the
>> best OpenVPN setup?
> --snip--
>> 1. Use easy-rsa3
A working Quantum computer with sufficient capacity will obsolete EC, RSA etc.
It will all be game-over.
End of story. [At least mostly.]
But by the time a quantum computer with the sufficient qbits becomes available,
we'll likely understand [a lot] better the ramifications of such a machine and
On 14/12/16 14:40, Jan Just Keijser wrote:
> Hi,
>
> David's remarks are correct. I've added some small nuances below, but
> overall the answers do not change.
>
> On 14/12/16 12:40, David Sommerseth wrote:
>> On 14/12/16 07:54, Kevin Long wrote:
>>> 1. Use easy-rsa3 or equivalent openssl
Hi,
David's remarks are correct. I've added some small nuances below, but
overall the answers do not change.
On 14/12/16 12:40, David Sommerseth wrote:
> On 14/12/16 07:54, Kevin Long wrote:
>> 1. Use easy-rsa3 or equivalent openssl commands to generate your
>> keys/certificates using elliptic
On 14/12/16 07:54, Kevin Long wrote:
> 1. Use easy-rsa3 or equivalent openssl commands to generate your
> keys/certificates using elliptic curve (instead of RSA).
I'm no crypto expert, but I believe there are some concerns about EC
and post-quantum computing, where it is believed that RSA will be