www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

Zeroshell VPN key security

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell
View previous topic :: View next topic  
Author Message
reaperz



Joined: 13 Apr 2012
Posts: 81

PostPosted: Tue May 09, 2017 8:44 am    Post subject: Zeroshell VPN key security Reply with quote

I was restarting my LAN-to-LAN VPN connection and saw such messages in log:

Code:
WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).


Is it really true, that I am using only 64-bit VPN-key? How to find out?

If really true, why is key length not configurable in Zeroshell?

How to use AES256 NOW?

It is year 2017, 64-bit keys were considered insecure even 10 years ago...
Back to top
View user's profile Send private message
reaperz



Joined: 13 Apr 2012
Posts: 81

PostPosted: Tue May 09, 2017 10:11 am    Post subject: Reply with quote

I did add to all my VPN-link Parameters: --cipher AES-256-CBC

Did I do the right thing? Am I using AES256 now?

At least it did disconnect current VPN tunnels and did not come back up, unless both sides were configured with --cipher AES-256-CBC
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group