by coderrr 4665 days ago
For OpenVPN - which is the only protocol we advise for real security (PPTP and IPSec/L2TP are fine for just hiding your IP) - we don't use pre-shared keys. OpenVPN uses TLS for exchanging strong symmetric keys. Your password is only used for authentication and its entropy isn't related to your session's security.

PPTP is well documented as being broken at this point, but I have not seen any equivalent for IPSec/L2TP. Please quote sources as I would be interested in researching further as well as the rationale for OpenVPN being the only "real" security.
The current basis for this is John Gilmore's speculation[1] on a cryptography mailing list.

[1] http://www.mail-archive.com/cryptography@metzdowd.com/msg123...

Exactly, speculation.