Hi,

On Wed, Sep 24, 2014 at 09:50:35AM +0200, Stephan Alz wrote:
> With the widespread of the cheap vps cloud services lately I wonder what
> protection does openvpn offers ... well against the server administrators.

If the server admin has root, he can sniff on the tun interface, or grab
keys from openvpn memory - so "not much protection".

[..]
> But to get to the point, that if I setup openvpn on my droplet and let's say
> an evil admin sniffing my traffic for 3 months with tcpdump then decides to
> decrypt that traffic what tools does he have (if any to do this). At this
> point he has a pcap file and the openvpn server certificates and keys.

Now that is easy - OpenVPN does PFS, so the stored keys won't help decrypt
sniffed session traffic.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
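A toy model of the two situations in this reply, added here as an illustration (it is not OpenVPN code and not part of the original message): a handshake where the secret is encrypted to the server's long-term key, next to one using ephemeral Diffie-Hellman that the long-term key only signs. All names and the toy-sized parameters are constructed assumptions.

```python
import hashlib
import secrets

# Toy parameters (constructed for illustration, far too small for real use).
P, G = 2**127 - 1, 3                     # DH group: Mersenne prime modulus
RSA_N = (2**61 - 1) * (2**89 - 1)        # long-term server key: toy RSA modulus
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (2**61 - 2) * (2**89 - 2))

def kdf(secret: int) -> bytes:
    """Derive the session key from the negotiated secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()

def transcript_hash(a_pub: int, b_pub: int) -> int:
    """Hash of the public handshake values, reduced so toy RSA can sign it."""
    digest = hashlib.sha256(f"{a_pub}|{b_pub}".encode()).digest()
    return int.from_bytes(digest, "big") % RSA_N

def rsa_transport_handshake():
    """No PFS: the client encrypts the secret to the server's long-term key."""
    premaster = secrets.randbelow(RSA_N - 2) + 2
    return {"enc": pow(premaster, RSA_E, RSA_N)}, kdf(premaster), None

def dhe_handshake():
    """PFS: the long-term key only signs; the secret comes from ephemeral DH."""
    a, b = (secrets.randbelow(P - 3) + 2 for _ in range(2))
    a_pub, b_pub = pow(G, a, P), pow(G, b, P)
    sig = pow(transcript_hash(a_pub, b_pub), RSA_D, RSA_N)
    # Returns (what a capture contains, session key, server's ephemeral secret).
    return {"A": a_pub, "B": b_pub, "sig": sig}, kdf(pow(a_pub, b, P)), b

def recover(capture, long_term_d, ephemeral=None):
    """Session key obtainable from a capture plus key material, else None."""
    if "enc" in capture:                 # stored key decrypts the old secret
        return kdf(pow(capture["enc"], long_term_d, RSA_N))
    if ephemeral is not None:            # exists only in memory during the session
        return kdf(pow(capture["A"], ephemeral, P))
    return None                          # stored key can verify, not decrypt

def signature_valid(capture) -> bool:
    """The only thing the long-term key pair does in the DHE handshake."""
    expected = transcript_hash(capture["A"], capture["B"])
    return pow(capture["sig"], RSA_E, RSA_N) == expected
```

The `ephemeral` argument models the first point in the reply: per-session secrets are reachable only while they sit in the running process, which is why root on the live server matters and a key file copied later does not.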
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users