Hello,
from a securtity perspective are there any drawbacks of using only username/password
authentication compared to certificates based authentication besides the fact that there
is some extra security because of the file based key?
If you know of any cryptography related drawbacks (like forward secrecy etc.), please tell.
Thanks for remarks and ideas.
Axel
Benefits of certificates vs. username/password auth.
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Jan 18, 2011 10:36 am
- gladiatr72
- Forum Team
- Posts: 194
- Joined: Mon Dec 13, 2010 3:51 pm
- Location: Lawrence, KS
Re: Benefits of certificates vs. username/password auth.
Hello,
Since no one else has taken the opportunity to respond, here's my take:
Probably. I am not a crypto person. There are numerous articles/documents/etc that discuss the mechanisms/philosophies/math/weaknesses/etc of SSL/TLS [handshaking|setup|use|etc]. I would direct you to google for those. When I reach the (actually important) cryptographic descriptions, my eyes glaze a bit and my brain inserts phraseology to the effect of "I am Thankful the Individuals that Grok the Calculus/statistics/etc Exist" until the document picks up on something that is absorbable by Merely Me.
Regardless, they are definitely worth a read to get a bit of a handle on how things like OpenVPN work cryptographically. Whether or not it sets you at ease is dependent on how paranoid you are.
Regards,
Stephen
Since no one else has taken the opportunity to respond, here's my take:
Probably. I am not a crypto person. There are numerous articles/documents/etc that discuss the mechanisms/philosophies/math/weaknesses/etc of SSL/TLS [handshaking|setup|use|etc]. I would direct you to google for those. When I reach the (actually important) cryptographic descriptions, my eyes glaze a bit and my brain inserts phraseology to the effect of "I am Thankful the Individuals that Grok the Calculus/statistics/etc Exist" until the document picks up on something that is absorbable by Merely Me.
Regardless, they are definitely worth a read to get a bit of a handle on how things like OpenVPN work cryptographically. Whether or not it sets you at ease is dependent on how paranoid you are.
Regards,
Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole