Jump to content
Not connected, Your IP: 18.219.25.226

Recommended Posts

3 hours ago, calcu007 said:

any thoughts?

IPSec supported or they have not heard it's been broken.
No static key still using username/password. Google DNS and OpenDNS as best ones to use in given DNS options.
O me amour.
Price-wise very appealing.

Share this post


Link to post
10 hours ago, Flx said:

IPSec supported or they have not heard it's been broken.


Elaborate, with some sources, please.

I remember VyprVPN being listed as a logging VPN provider in TorrentFreak's VPN provider questionnaires, so it is sufficient if you want to watch Netflix in Uganda or pretty much anything decent on the internet if you're in China. Not sure about today or if TF still does those questionnaires, but you really shouldn't torrent over it – or hope for a pseudonym in the face of prosecution.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
3 hours ago, OpenSourcerer said:

Elaborate, with some sources, please.

What the coconuts is this? "We support both L2TP and IKEv2 for IPSec on select platforms providing you fast, secure and reliable performance."--->>https://www.vyprvpn.com/features/vpn-protocols

 

Share this post


Link to post
@OpenSourcerer
@Flx

In general NSA is not able to break hard encryption so key exfiltration is mandatory to obtain encryption circumvention and not encryption "break". A more advanced stage is attacking the key exchange process (that explains why we already used 2048 bit DH keys since 2010 and shifted to 4096 bit DH keys in 2014, as well as 4096 bit RSA keys).

Moreover, in the specific IPsec case, check the APEX VPN four phases according to top secret documents, for a summary on how NSA can successfully attack IPSec IKEv2 and ESP through HAMMERCHANT and HAMMERSTEIN.

Unfortunately, how the decryption of ESP packets actually takes place remains unexplained. We know however that the decryption is real. "No details as to how the NSA decrypts those ESP — “Encapsulating Security Payload” — packets, although there are some clues in the form of code names in the slides." (Schneier). See also Bruce Schneier's blog and The Intercept publication of the relevant top secret document.

On top of all that, in 2013 proof of the BULLRUN program emerged thanks to Snowden revelations. BULLRUN was a program aimed, among other things, at inserting vulnerabilities into commercial encryption systems. Nowadays it is strongly suspected that BULLRUN targeted IPsec too.

We are talking about  documents leaked in 2013 but related (even) to programs designed and developed during earlier years, so it's not unreasonable to assume that in the meantime NSA has further progressed to breaking IPsec. When we created AirVPN we decided to not adopt IPsec because already in 2010 doubts on NSA interference spread out as rumors.

https://theintercept.com/document/2014/03/12/vpn-voip-exploitation-hammerchant-hammerstein/

https://www.schneier.com/blog/archives/2014/03/how_the_nsa_exp.html
(check Q&A as well)

Kind regards
 

Share this post


Link to post

I see. Should be evident that I didn't follow Snowden's document stream too closely back then. Thank you for the summary :)


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...