Knowledgebase

What type of "cipher" to use for OpenVPN encryption?

Posted by mrzippy, 07-15-2008, 02:08 PM
Hello, can anyone who is a security expert recommend the most secure option for choosing what type of "cipher" to use with our OpenVPN setup? (I bolded the one I think might be best? Let me know what you think. We are currently using "BF-CBC", but I want to be sure it's not breakable...)

Posted by simonapnic, 07-15-2008, 08:18 PM
AES-256-CBC 256 bit default key (fixed)
It's the most suitable for a general setup. And, let's face it. Nobody is even going to try and decrypt sniffed SSL-ed VPN packets. They'd rather do a Man-In-The-Middle attack, which is pretty hard to pull out.

Posted by bob789, 11-13-2013, 01:56 PM
Hi, I realize this is an ancient post, but going the other way, what cipher would use the least CPU resources? I have an OpenWRT box, everything else is fast so its OpenVPN process is the bottleneck. If there are other ways to improve performance too, I am all ears. Thanks very much, -Bob

Posted by Buycpanel-Kevin, 11-13-2013, 08:44 PM
Wait a minute, isn't sniffing packets and the man in the middle attack basically the same thing?

Posted by Doktor Jones, 11-13-2013, 11:26 PM
Not at all. Sniffing is basically just watching the packets that go by, and trying to figure out what's inside. With encrypted traffic, that's not very useful because you'd have to break the cipher. MITM involves interposing yourself between the client and server; the client believes you're the server and the server believes you're the client. As such, you'd act as the encryption endpoint for both sides, and thus see the decrypted data (assuming both server and client accept the certificates you're using).
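
The two points in this thread, cipher choice and the condition that a MITM only succeeds if the client accepts the presented certificate, can be checked in a client config. This is an added example, not code from any poster: the sample configs, the host name vpn.example.com and the function names are constructed, while the directives are standard OpenVPN options.

```python
# Added example: audit an OpenVPN client config for cipher choice and
# server-certificate checks. Sample configs below are constructed.
SMALL_BLOCK = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}  # 64-bit block ciphers
PEER_CHECKS = {"remote-cert-tls", "ns-cert-type", "verify-x509-name", "tls-remote"}

def parse(text):
    """Return {directive: [args]}; '#' and ';' start comments in OpenVPN configs."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            parts = line.split()
            # An inline <ca> ... </ca> block counts as the 'ca' directive.
            opts.setdefault(parts[0].lstrip("<").rstrip(">"), parts[1:])
    return opts

def audit(text):
    """Return a list of findings; an empty list means both points are covered."""
    opts = parse(text)
    findings = []
    cipher = (opts.get("cipher") or [None])[0]
    if cipher is None:
        findings.append("cipher: not set, so the installed version's default is used")
    elif cipher.upper() in SMALL_BLOCK:
        findings.append(f"cipher: {cipher} uses a 64-bit block; the thread suggests AES-256-CBC")
    if "ca" not in opts:
        findings.append("ca: missing, so the server certificate cannot be validated")
    if not PEER_CHECKS & opts.keys():
        findings.append("peer check: no remote-cert-tls or verify-x509-name, so the "
                        "client does not check that the peer presents a server certificate")
    return findings

WEAK = """client
dev tun
remote vpn.example.com 1194
ca ca.crt
cert client.crt
key client.key
cipher BF-CBC   # setting mentioned in the original question
"""
HARDENED = WEAK.replace(
    "cipher BF-CBC",
    "cipher AES-256-CBC\nremote-cert-tls server\nverify-x509-name vpn.example.com name\n#")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```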


