tiger83052 4 Posted ... I've alaways been amazed by the level of security AIRVPN provide but I think it's the time to move away from sha1 to something more secure you can see in this article that sha1 no longer can be considered secure https://arstechnica.com/security/2015/10/sha1-crypto-algorithm-securing-internet-could-break-by-years-end/ would like to here from the STAFF about this Quote Share this post Link to post
Staff 9968 Posted ... Hello, OpenVPN does not use SHA-1 as packets authentication cipher. It uses HMAC SHA1, so you just don't care about collisions. In the Control Channel you can also have HMAC SHA384. See also https://airvpn.org/specs For a more thorough discussion see https://airvpn.org/topic/14837-control-channel-cipher-satisfactory/page-2?do=findComment&comment=33173 Kind regards Quote Share this post Link to post
tiger83052 4 Posted ... Hello, OpenVPN does not use SHA-1 as packets authentication cipher. It uses HMAC SHA1, so you just don't care about collisions. In the Control Channel you can also have HMAC SHA384. See also https://airvpn.org/specs For a more thorough discussion see https://airvpn.org/topic/14837-control-channel-cipher-satisfactory/page-2?do=findComment&comment=33173 Kind regards does Eddie by default use HMAC SHA384 ? or it should be added manually ? if yes , then how to do it ? Quote Share this post Link to post
Staff 9968 Posted ... Hello, OpenVPN does not use SHA-1 as packets authentication cipher. It uses HMAC SHA1, so you just don't care about collisions. In the Control Channel you can also have HMAC SHA384. See also https://airvpn.org/specs For a more thorough discussion see https://airvpn.org/topic/14837-control-channel-cipher-satisfactory/page-2?do=findComment&comment=33173 Kind regards does Eddie by default use HMAC SHA384 ? or it should be added manually ? if yes , then how to do it ? Hello! It does not depend on Eddie, it's on OpenVPN. Eddie comes packaged with an OpenVPN version that supports it and will pick it by default. Otherwise make sure that OpenVPN in your system is up to date. Kind regards Quote Share this post Link to post
tiger83052 4 Posted ... Hello, OpenVPN does not use SHA-1 as packets authentication cipher. It uses HMAC SHA1, so you just don't care about collisions. In the Control Channel you can also have HMAC SHA384. See also https://airvpn.org/specs For a more thorough discussion see https://airvpn.org/topic/14837-control-channel-cipher-satisfactory/page-2?do=findComment&comment=33173 Kind regardsdoes Eddie by default use HMAC SHA384 ? or it should be added manually ? if yes , then how to do it ?Hello! It does not depend on Eddie, it's on OpenVPN. Eddie comes packaged with an OpenVPN version that supports it and will pick it by default. Otherwise make sure that OpenVPN in your system is up to date. Kind regards2.3.3 and newer will look for SHA384 , and eddie comes with 2.3.8 which mean i'm goodthank you Quote Share this post Link to post