Hi, On Wed, Sep 24, 2014 at 09:50:35AM +0200, Stephan Alz wrote: > With the widespread of the cheap vps cloud services lately I wonder what > protection does openvpn offers ... well against the server administrators.
If the server admin has root, he can sniff on the tun interface, or
grab keys from openvpn memory - so "not much protection".
[..]
> But to get to the point, that if I setup openvpn on my droplet and let's say
> an evil admin sniffing my traffic for 3 months with tcpdump then decides to
> decrypt that traffic what tools does he have (if any to do this). At this
> point he has a pcap file and the openvpn server certificates and keys.
Now that is easy - OpenVPN does PFS, so the stored keys won't help decrypt
sniffed session traffic.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
pgpFm719mbTj9.pgp
Description: PGP signature
------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
