Re: [Openvpn-users] secret key question


  • Subject: Re: [Openvpn-users] secret key question
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Fri, 9 Apr 2004 06:21:39 -0000

Sara,

It's a good question -- not all of the bits in the --secret key file are
actually used for key material.  Different ciphers and HMAC hashes need a
varying amount of entropy for key material, and the 2048 bit OpenVPN static
key file format is designed to have enough entropy to seed large-key ciphers
such as AES-256.

Basically the 2048 bits of entropy are divided 4 ways:

encrypt cipher (512 bits)
encrypt HMAC   (512 bits)
decrypt cipher (512 bits)
decrypt HMAC   (512 bits)

This is considerably future-proofed, as most ciphers in common use today use
128 bit keys, and the SHA1 hash uses 160 bits of key material.

So if you tweak a bit in the key file that isn't used, it won't have any
functional effect.

James 

sara <srps1579@xxxxxxxxxxx> said:

> I am using key-based authentication for my VPN
> setup.
> I created a secret key on the server and copied that
> key to my client side and everything works
> fine. Yesterday I opened that secret key in an editor and
> deleted 2 or 3 lines in the key file. After this I
> started the VPN and it is creating the peer
> connection. What is going wrong here? I think the VPN
> connection should be established only if the secret keys
> are matching on both sides. I just followed the steps
> in the howto on the OpenVPN website. So there is nothing
> wrong in my configuration.
>                                            --Sara
> 
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 
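
The slot layout James describes can be checked mechanically. The following is an added example, not part of the original thread and not OpenVPN's own code: it parses two static key files and reports which differing bytes fall inside key material and which fall in unused padding. It assumes the "OpenVPN Static key V1" hex file format, that the four slots appear in the order listed in the message, and that each key is read from the start of its slot; the sample key is constructed.

```python
SLOT_BYTES = 64  # 512 bits per slot, as stated in the message
SLOTS = ["encrypt cipher", "encrypt HMAC", "decrypt cipher", "decrypt HMAC"]
BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"

def parse_static_key(text):
    """Return the raw key bytes from the hex lines between BEGIN and END."""
    hex_lines, inside = [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == BEGIN:
            inside = True
        elif line == END:
            break
        elif inside and line:
            hex_lines.append(line)
    return bytes.fromhex("".join(hex_lines))

def format_static_key(raw):
    """Inverse of parse_static_key: 32 hex characters per line."""
    hexed = raw.hex()
    return "\n".join([BEGIN, *(hexed[i:i + 32] for i in range(0, len(hexed), 32)), END])

def used_offsets(cipher_key_bits=128, hmac_key_bits=160):
    """Byte offsets that feed a key. Assumption: each key is read from the
    start of its slot and the slots appear in the order the message lists."""
    used = set()
    for slot, name in enumerate(SLOTS):
        bits = cipher_key_bits if "cipher" in name else hmac_key_bits
        start = slot * SLOT_BYTES
        used.update(range(start, start + bits // 8))
    return used

def classify_changes(old, new, cipher_key_bits=128, hmac_key_bits=160):
    """Return (used, unused): offsets where the keys differ, by whether they matter."""
    if len(old) != len(new) or len(old) != SLOT_BYTES * len(SLOTS):
        raise ValueError("expected two 256-byte (2048-bit) keys")
    used = used_offsets(cipher_key_bits, hmac_key_bits)
    changed = [i for i in range(len(old)) if old[i] != new[i]]
    return ([i for i in changed if i in used],
            [i for i in changed if i not in used])

if __name__ == "__main__":
    original = bytes(range(256))  # constructed sample key, not a real secret
    tweaked = bytearray(original)
    tweaked[40] ^= 0x01           # inside "encrypt cipher" slot, past a 128-bit key
    tweaked[70] ^= 0x01           # inside "encrypt HMAC" slot, within a 160-bit key
    peer = parse_static_key(format_static_key(bytes(tweaked)))
    print(classify_changes(original, peer))          # ([70], [40])
    print(len(used_offsets()), "of 256 bytes used")  # 72 of 256 bytes used
```

With a 128-bit cipher key and a 160-bit HMAC key, only 72 of the 256 bytes carry key material, so a comparison of the full file is the reliable way to confirm that both peers hold the same key.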


