Zeroshell VPN key security

Forums Network Management ZeroShell Zeroshell VPN key security

  • This topic is empty.
Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • May 9, 2017 at 8:44 am #44800
    reaperz
    Participant

    I was restarting my LAN-to-LAN VPN connection and saw such messages in log:

    WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).

    Is it really true, that I am using only 64-bit VPN-key? How to find out?

    If really true, why is key length not configurable in Zeroshell?

    How to use AES256 NOW?

    It is year 2017, 64-bit keys were considered insecure even 10 years ago…

    May 9, 2017 at 10:11 am #54455
    reaperz
    Participant

    I did add to all my VPN-link Parameters: –cipher AES-256-CBC

    Did I do the right thing? Am I using AES256 now?

    At least it did disconnect current VPN tunnels and did not come back up, unless both sides were configured with –cipher AES-256-CBC

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.