|
|
I don't think there is much to be concerned about here. These are really not new attacks. As the article indicates this is updated work from the pseudo collisions discovered in 1993 in MD5 and related algorithms. By default, OpenVPN uses SHA-1 which is not identified as having any new weaknesses and still provides around 2^80 protection from a brute force attack. If you are using MD5 with OpenVPN, you are doing it deliberately and you should stop. MD5 has been crumbling for years and it is high time to switch. Charlie Quoting Jon Bendtsen <jon.bendtsen@xxxxxxxxxx>: > http://www.cryptography.com/cnews/hash.html > > "Cryptography Research has received many inquiries about the hash > collision attacks that were recently announced at the CRYPTO 2004 > conference. This document attempts to address these questions." > > But they do not talk directly about OpenVPN, so i am asking here: > What security implications does the recent attacks on HASH algorithms > have for OpenVPN? > > > > JonB > > > > ------------------------------------------------------- > This SF.Net email is sponsored by BEA Weblogic Workshop > FREE Java Enterprise J2EE developer tools! > Get your free copy of BEA WebLogic Workshop 8.1 today. > http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > https://lists.sourceforge.net/lists/listinfo/openvpn-users > > > ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |