Jump to content


Photo
- - - - -

why AIRVPN not using sha2 instead of sha1 ?


  • Please log in to reply
4 replies to this topic

#1 tiger83052

tiger83052

    Advanced Member

  • Members
  • PipPipPip
  • 32 posts

Posted 15 February 2016 - 03:45 PM

I've alaways been amazed by the level of security AIRVPN provide

 

but I think it's the time to move away from sha1 to something more secure

 

you can see in this article that sha1 no longer can be considered secure

 

https://arstechnica.com/security/2015/10/sha1-crypto-algorithm-securing-internet-could-break-by-years-end/

 

would like to here from the STAFF about this :)



#2 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7796 posts

Posted 15 February 2016 - 04:02 PM

Hello,

 

OpenVPN does not use SHA-1 as packets authentication cipher.

 

It uses HMAC SHA1, so you just don't care about collisions. In the Control Channel you can also have HMAC SHA384. See also https://airvpn.org/specs

 

For a more thorough discussion see https://airvpn.org/topic/14837-control-channel-cipher-satisfactory/page-2#entry33173

 

Kind regards



#3 tiger83052

tiger83052

    Advanced Member

  • Members
  • PipPipPip
  • 32 posts

Posted 15 February 2016 - 04:19 PM

Hello,

 

OpenVPN does not use SHA-1 as packets authentication cipher.

 

It uses HMAC SHA1, so you just don't care about collisions. In the Control Channel you can also have HMAC SHA384. See also https://airvpn.org/specs

 

For a more thorough discussion see https://airvpn.org/topic/14837-control-channel-cipher-satisfactory/page-2#entry33173

 

Kind regards

 

does Eddie by default use HMAC SHA384 ? or it should be added manually ? if yes , then how to do it ?



#4 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7796 posts

Posted 15 February 2016 - 04:33 PM

Hello,

 

OpenVPN does not use SHA-1 as packets authentication cipher.

 

It uses HMAC SHA1, so you just don't care about collisions. In the Control Channel you can also have HMAC SHA384. See also https://airvpn.org/specs

 

For a more thorough discussion see https://airvpn.org/topic/14837-control-channel-cipher-satisfactory/page-2#entry33173

 

Kind regards

 

does Eddie by default use HMAC SHA384 ? or it should be added manually ? if yes , then how to do it ?

 

Hello!

 

It does not depend on Eddie, it's on OpenVPN. Eddie comes packaged with an OpenVPN version that supports it and will pick it by default. Otherwise make sure that OpenVPN in your system is up to date.

 

Kind regards



#5 tiger83052

tiger83052

    Advanced Member

  • Members
  • PipPipPip
  • 32 posts

Posted 15 February 2016 - 04:41 PM

 

 


Hello,

 

OpenVPN does not use SHA-1 as packets authentication cipher.

 

It uses HMAC SHA1, so you just don't care about collisions. In the Control Channel you can also have HMAC SHA384. See also https://airvpn.org/specs

 

For a more thorough discussion see https://airvpn.org/topic/14837-control-channel-cipher-satisfactory/page-2#entry33173

 

Kind regards

does Eddie by default use HMAC SHA384 ? or it should be added manually ? if yes , then how to do it ?

Hello!

 

It does not depend on Eddie, it's on OpenVPN. Eddie comes packaged with an OpenVPN version that supports it and will pick it by default. Otherwise make sure that OpenVPN in your system is up to date.

 

Kind regards

2.3.3 and newer will look for SHA384 , and eddie comes with 2.3.8 which mean i'm good

thank you







Similar Topics Collapse

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Servers online. Online Sessions: 13809 - BW: 46043 Mbit/sYour IP: 34.229.175.129Guest Access.