Leaderboard

I think PIA was recently bought by the company that owns Cyberghost: Kape, which, for several reasons, has an extremely bad reputation.

As Zhang said, There is no problem. For those who do not already know, HMAC is a hash applied to the SHA1 hash. And it is done for each and every packet. Your system, even on a slow dial up modem uses a packet for every 1500 bytes or so. So in order to defeat HMAC-SHA1 you would have to not only break it in milliseconds, but also defy the laws of physics to get your fake packet there before the real one. And let us see how long it takes a whole array of supercomputers to break SHA1 alone? https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html Here is the important part to note. Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total6,500 years of CPU computation to complete the attack first phase110 years of GPU computation to complete the second phaseThat is to do JUST ONE SINGLE hash. Not to break every hash SHA1 can do. That is one. And this absolutely cannot be done before the relevant packet is done and gone forever. You are safe. Relax.