Jump to content
Not connected, Your IP: 3.235.75.196

Recommended Posts

Posted ... (edited)

Correction/Update.

Here is what the Staff posted, Showing that there is no real security benefit in using HMAC SHA2 over HMAC SHA1.
******************************
Hello,

the following paper is extremely important, because provides mathematical proof that HMAC is a PRF under the sole assumption that the compression function is a PRF. As long as the assumption holds true, as it is until now, after 10 years the paper was written, there is really no reasonable argumentation to grade "security" of HMAC SHA2 over HMAC SHA1. Or even HMAC MD5!

https://cseweb.ucsd.edu/~mihir/papers/hmac-new.pdf

Kind regards


****************************************************************
Is perfect privacy more secure? Here's the control channel authentication they use versus airvpn. And if they're using more secure control channel authentication Will airVPN ever improve theres to match price perfect privacy?

Airvpn
Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384

Perfect privacy
Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384

Edited ... by Keksjdjdke

Share this post


Link to post

There is almost no security difference between HMAC-SHA512 and HMAC-SHA1.

There are a known collisions in SHA1 that allows someone to compute a collision on

a cluster of Amazon servers, there is no known way to apply that to HMAC-SHA1.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

But if there is a small security improvement, then it should be used. Right?

I'm referring to HMAC-SHA512 being used instead of HMAC-SHA1

Share this post


Link to post

No, it is not right just to see a bigger number and jump aboard.

Many devices have older OpenVPN versions which do not support this, and devices

with not enough CPU power will be significantly slower even if they support it.

There are also a 4096 bit RSA keys used for authentication, something other providers

don't use or simply tell you to use obsolete logins and passwords.

Not sure why if it makes you feel "more secure", however there is absolutely no technical

reason for this, until we see some work where HMAC-SHA1

is broken, and this is not used with Air partially for the reasons I mentioned above.

 

Please review a fruitful discussion on this matter here:

http://stackoverflow.com/questions/18080445/difference-between-hmacsha256-and-hmacsha512


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

No, it is not right just to see a bigger number and jump aboard.

Many devices have older OpenVPN versions which do not support this, and devices

with not enough CPU power will be significantly slower even if they support it.

There are also a 4096 bit RSA keys used for authentication, something other providers

don't use or simply tell you to use obsolete logins and passwords.

Not sure why if it makes you feel "more secure", however there is absolutely no technical

reason for this, until we see some work where HMAC-SHA1

is broken, and this is not used with Air partially for the reasons I mentioned above.

 

Please review a fruitful discussion on this matter here:

http://stackoverflow.com/questions/18080445/difference-between-hmacsha256-and-hmacsha512

Thank you for clarifying, it makes sense now.

Share this post


Link to post

No, it is not right just to see a bigger number and jump aboard.

Many devices have older OpenVPN versions which do not support this, and devices

with not enough CPU power will be significantly slower even if they support it.

There are also a 4096 bit RSA keys used for authentication, something other providers

don't use or simply tell you to use obsolete logins and passwords.

Not sure why if it makes you feel "more secure", however there is absolutely no technical

reason for this, until we see some work where HMAC-SHA1

is broken, and this is not used with Air partially for the reasons I mentioned above.

 

Please review a fruitful discussion on this matter here:

http://stackoverflow.com/questions/18080445/difference-between-hmacsha256-and-hmacsha512

In the discussion, the user links to the website below. And on that website the BSI method hash key size is 256bits.

https://www.keylength.com/en/compare/

Share this post


Link to post

Hello,
 
the following paper is extremely important, because provides mathematical proof that HMAC is a PRF under the sole assumption that the compression function is a PRF.  As long as the assumption holds true, as it is until now, after 10 years the paper was written, there is really no reasonable argumentation to grade "security" of HMAC SHA2 over HMAC SHA1. Or even HMAC MD5!

 

https://cseweb.ucsd.edu/~mihir/papers/hmac-new.pdf

 

Kind regards

Share this post


Link to post

Hello,

 

the following paper is extremely important, because provides mathematical proof that HMAC is a PRF under the sole assumption that the compression function is a PRF.  As long as the assumption holds true, as it is until now, after 10 years the paper was written, there is really no reasonable argumentation to grade "security" of HMAC SHA2 over HMAC SHA1. Or even HMAC MD5!

 

https://cseweb.ucsd.edu/~mihir/papers/hmac-new.pdf

 

Kind regards

Thank you. I will read over the paper.

Share this post


Link to post

Perfect Privacy is not more secure and was founded and is run by Neo-Nazis. Do you want your money going to support people with that kind of disgusting world view?

Share this post


Link to post

Perfect Privacy is not more secure and was founded and is run by Neo-Nazis. Do you want your money going to support people with that kind of disgusting world view?

 

Everyone has their own views, and it doesn't necessarily mean their business practices are bad keep that in mind.

Share this post


Link to post

 

Perfect Privacy is not more secure and was founded and is run by Neo-Nazis. Do you want your money going to support people with that kind of disgusting world view?

 

Everyone has their own views, and it doesn't necessarily mean their business practices are bad keep that in mind.

 

Yes, the quality of PP service is good, though not as good as Airvpn. I don't consider the promotion of genocide and subjugation of the world's population under a brutal dictator merely a "point of view". Are you suggesting that killing the world's Jews, gays, and non-Aryans is just another valid way of looking at things?

 

If you don't care about the moral implications of using Perfect Privacy, be prepared to pay through the nose to support such scum: PP is nearly three times the price of Airvpn.

Share this post


Link to post

 

 

Perfect Privacy is not more secure and was founded and is run by Neo-Nazis. Do you want your money going to support people with that kind of disgusting world view?

 

Everyone has their own views, and it doesn't necessarily mean their business practices are bad keep that in mind.

 

Yes, the quality of PP service is good, though not as good as Airvpn. I don't consider the promotion of genocide and subjugation of the world's population under a brutal dictator merely a "point of view". Are you suggesting that killing the world's Jews, gays, and non-Aryans is just another valid way of looking at things?

 

If you don't care about the moral implications of using Perfect Privacy, be prepared to pay through the nose to support such scum: PP is nearly three times the price of Airvpn.

 

I'm les(gay) myself and yes it is valid even if it makes them against me, I did use PP and it was too expensive, and when they forced IPv6 I said noty.

Share this post


Link to post

There is no real proof that the owner's are neo nazi's.

Even if they are, would you cancel AirVPN, just because the owners/creators are hackers? No, you would not.

Share this post


Link to post

A. The word "hacker" is vague...could be good, could be bad. Either way there's no moral equivalency between hacking and genocide. Let's say it became known that Airvpn was deliberately helping a dictatorship capture and torture democracy advocates....yes, I would drop them in a second because I would not want my money supporting people with those values.

Share this post


Link to post

 

 

 

Perfect Privacy is not more secure and was founded and is run by Neo-Nazis. Do you want your money going to support people with that kind of disgusting world view?

 

Everyone has their own views, and it doesn't necessarily mean their business practices are bad keep that in mind.

 

Yes, the quality of PP service is good, though not as good as Airvpn. I don't consider the promotion of genocide and subjugation of the world's population under a brutal dictator merely a "point of view". Are you suggesting that killing the world's Jews, gays, and non-Aryans is just another valid way of looking at things?

 

If you don't care about the moral implications of using Perfect Privacy, be prepared to pay through the nose to support such scum: PP is nearly three times the price of Airvpn.

 

I'm les(gay) myself and yes it is valid even if it makes them against me, I did use PP and it was too expensive, and when they forced IPv6 I said noty.

EdensSpire, the world's neo-nazis want to recreate is the world of Hitler. If you were alive then they would have put you in a concentration camp and worked you to death because of your sexual orientation. Do you really think that is a valid point of view?

Share this post


Link to post

There is no real proof that the owner's are neo nazi's.

Even if they are, would you cancel AirVPN, just because the owners/creators are hackers? No, you would not.

Yes, there is real proof that the founders of Perfect Privacy are neo Nazis: at least one of them was convicted by the German government for neo-Nazi activities. Here are some links:

 

https://linksunten.indymedia.org/en/node/61004

 

http://www.constantinereport.com/austria-home-mozart-liszt-strauss-hitler-neo-nazisvpn-provider-perfect-privacy-run-neo-nazis/

 

https://en.wikipedia.org/wiki/Gottfried_K%C3%BCssel

Share this post


Link to post

P.S. One of the founders of AivVPN is Mr. Paolo Brini. He is also a spokesperson for ScambioEtico, an Italian group that campaigns for civil liberties and copyright reform. That gives me a warm fuzzy feeling about AirVPN. Thanks Mr. Brini !!!

Share this post


Link to post

 

There is no real proof that the owner's are neo nazi's.

Even if they are, would you cancel AirVPN, just because the owners/creators are hackers? No, you would not.

Yes, there is real proof that the founders of Perfect Privacy are neo Nazis: at least one of them was convicted by the German government for neo-Nazi activities. Here are some links:

 

https://linksunten.indymedia.org/en/node/61004

 

http://www.constantinereport.com/austria-home-mozart-liszt-strauss-hitler-neo-nazisvpn-provider-perfect-privacy-run-neo-nazis/

 

https://en.wikipedia.org/wiki/Gottfried_K%C3%BCssel

I rest my case then. Thanks for proving me wrong.

Share this post


Link to post

 

 

 

 

Perfect Privacy is not more secure and was founded and is run by Neo-Nazis. Do you want your money going to support people with that kind of disgusting world view?

 

Everyone has their own views, and it doesn't necessarily mean their business practices are bad keep that in mind.

 

Yes, the quality of PP service is good, though not as good as Airvpn. I don't consider the promotion of genocide and subjugation of the world's population under a brutal dictator merely a "point of view". Are you suggesting that killing the world's Jews, gays, and non-Aryans is just another valid way of looking at things?

 

If you don't care about the moral implications of using Perfect Privacy, be prepared to pay through the nose to support such scum: PP is nearly three times the price of Airvpn.

 

I'm les(gay) myself and yes it is valid even if it makes them against me, I did use PP and it was too expensive, and when they forced IPv6 I said noty.

EdensSpire, the world's neo-nazis want to recreate is the world of Hitler. If you were alive then they would have put you in a concentration camp and worked you to death because of your sexual orientation. Do you really think that is a valid point of view?

 

If I were alive during that time nobody would've known for that reason as they don't now, many countries like my own is STILL against gay people so for that reason most people hide it. Regardless just because a point of view is set on causing me harm for who I like and find sexually attractive does NOT make it less of a valid point of view, it is incredibly close minded to think that because something goes against what you want and believe it is invalid and wrong.

Share this post


Link to post

 

 

 

 

 

Perfect Privacy is not more secure and was founded and is run by Neo-Nazis. Do you want your money going to support people with that kind of disgusting world view?

 

Everyone has their own views, and it doesn't necessarily mean their business practices are bad keep that in mind.

 

Yes, the quality of PP service is good, though not as good as Airvpn. I don't consider the promotion of genocide and subjugation of the world's population under a brutal dictator merely a "point of view". Are you suggesting that killing the world's Jews, gays, and non-Aryans is just another valid way of looking at things?

 

If you don't care about the moral implications of using Perfect Privacy, be prepared to pay through the nose to support such scum: PP is nearly three times the price of Airvpn.

 

I'm les(gay) myself and yes it is valid even if it makes them against me, I did use PP and it was too expensive, and when they forced IPv6 I said noty.

EdensSpire, the world's neo-nazis want to recreate is the world of Hitler. If you were alive then they would have put you in a concentration camp and worked you to death because of your sexual orientation. Do you really think that is a valid point of view?

 

If I were alive during that time nobody would've known for that reason as they don't now, many countries like my own is STILL against gay people so for that reason most people hide it. Regardless just because a point of view is set on causing me harm for who I like and find sexually attractive does NOT make it less of a valid point of view, it is incredibly close minded to think that because something goes against what you want and believe it is invalid and wrong.

Sorry, Eden, but exercising no judgement is the poorest of judgement. You have to be able to recognize good from bad or you are.....nothing. I'm sorry you're living in a homophobic country. I can't believe you don't recognize the evil in that as you must surely suffer from it. I hope you're not living in Nigeria or Uganda where its legal to stone gay people to death, or imprison them for 14 years for a kiss. Perhaps when your government drags you away you'll be ready to see the evil. Hiding out of necessity is sane and wise. But please don;t justify those forcing you to hide and those who would happily harm you by saying they have a valid right to make your life hell because that is "open minded". If its OK for bigots to hunt and kill you for your love, what isn't OK for you in the name of "open mindedness"?

Share this post


Link to post

Just one last thing. I don't know if news of the massacre of gay people in Orlando has penetrated to you through the media censorship that often accompanies institutionalized bigotry. This is what happens when hate is tolerated or encouraged. 

Share this post


Link to post

Sorry, Eden, but exercising no judgement is the poorest of judgement. You have to be able to recognize good from bad or you are.....nothing. I'm sorry you're living in a homophobic country. I can't believe you don't recognize the evil in that as you must surely suffer from it. I hope you're not living in Nigeria or Uganda where its legal to stone gay people to death, or imprison them for 14 years for a kiss. Perhaps when your government drags you away you'll be ready to see the evil. Hiding out of necessity is sane and wise. But please don;t justify those forcing you to hide and those who would happily harm you by saying they have a valid right to make your life hell because that is "open minded". If its OK for bigots to hunt and kill you for your love, what isn't OK for you in the name of "open mindedness"?

 

I never said I had no judgement on it, I said Neo-nazis point of view of the world is not invalid. We live in a world where the majority rules it, that is also what democracy stands for if more people vote for one thing than there are people voting for the other for example then the majority will win. The problem with good and bad is that it's different from person to person, it's driven by emotion and personal beliefs and will always be, of course I wouldn't wanna. Their point of view isn't valid because of open-mindedness it is valid because it is a point of view made by people, we are all very different we enjoy different things and so on and we can't just say something is wrong and invalid because it goes against what we want. Imprisoning someone with Neo-nazi ideals would be the same as imprisoning someone who's gay, we are against them and they are against us, that doesn't make us any better.

 

 

It did reach me although a friend told me the shooter said he was from ISIS, I really didn't get to read much about it

Just one last thing. I don't know if news of the massacre of gay people in Orlando has penetrated to you through the media censorship that often accompanies institutionalized bigotry. This is what happens when hate is tolerated or encouraged. 

Share this post


Link to post

The thing is you want to tolerate them, but they want to exploit and murder you. While you're busy tolerating them, they're busy planning to exterminate you.

 

Re: Orlando, its still early, but the murder seems to be a conflation of many evils: Muslim extremist, gay hater, maybe self-loathing gay, mentally unstable, violent wife beater, maybe racist Latino hater.

 

Well, we probably shouldn't hijack the topic. You can PM me if you want. Keep well.

Share this post


Link to post

So here is my experience on PerfectPrivacy:

Been there one month, paid via PaysafeCard - everything fine.
Made new acc second month, PaysafeCard, everything fine...
Third month, new Acc, PaysafeCard, everything fine..

Then, fourth month, new Acc via Paysafe; Paysafe got charged - got no login data via email.
Wrote support asked for login data - no answer came.
Asked again second day - no answer from support.

Checked on third day, saw that Paysafe was taken out of payment-possibilities. (Paysafe was charged already)
Never went back since then...

At all, they have a very good security-standard, very fast servers, good server locations - everything is SUSPICIOUS good.
If you asked me: Too good ;D

And that they charged a PaysafeCard, then didn't give login data and after 3 days they take Paysafe out of payment-possibilites at all, well that's not nice.
I believe I know who runs it - but I won't post here, everybody can make his own opinion about that.


regards,
me

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...