Can static.key be seen if the cipher is cracked?

Post by Kolusion » Thu Sep 07, 2023 1:39 pm

So I set up OpenVPN for the first time using the Static Key Mini-HOWTO, which uses the default cipher BF-CBC. On startup, I was warned the cipher is vulnerable to the SWEET32 attack. I have since changed the cipher to AES-256-CBC, but I am wondering if I need to change my static.key to be safe.

My understanding is there is a separate process for authentication which doesn't use static.key, and instead uses something else which involves SHA or whatever, so I shouldn't have to change my static.key.

Can static.key be seen if the cipher is cracked?
