[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Resolved: Mystery of openvpn.


  • Subject: Re: [Openvpn-users] Resolved: Mystery of openvpn.
  • From: Martijn Lievaart <m@xxxxxxx>
  • Date: Sun, 12 Dec 2004 23:19:35 +0100

Tibbs, Richard wrote:

Also a question: How vulnerable is pre-shared key (static key in
openvpn-speak) to Man in the Middle attacks?




1) If your key is compromised, anything is possible. M-i-M attacks become reasonably simple (supposing the attacker can intercept traffic). If the key is not compromised, I see no way a M-i-M attack can be made.


2) There is also a M-i-M attack possible on the key exchange, but if the key is exchanged, the previous attack is also possible and simpler.

3) If the attacker can change the config file, and point remote to his own server, M-i-M attacks become even more simple, we just gave the attacker a way to intercept the traffic. The attacker still needs to know the key.

So when using pre-shared keys, make sure your key is transmitted safely to the other end.

HTH,
Martijn Lievaart


____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users