
Peter

My feedback

1 result found

  1. 12 votes

    Peter commented

    Even the severely compromised MD5 algorithm can be used for HMAC, and no practical attacks against HMAC have been demonstrated. SHA2 is already supported by OpenVPN for HMAC, but the performance hit is enormous. Using SHA-256 or SHA-512 for HMAC on a low-end device like a smartphone, tablet, or consumer-level router with a weak CPU causes the device to be unable to perform renegotiation within 60 seconds when the ephemeral keys expire. This causes clients to be dropped every time renegotiation takes place. SHA1 HMAC is still absolutely safe, and because SHA2 HMAC creates problems, many OpenVPN-based providers will continue to opt for SHA1 HMAC, and are not wrong for doing so. You are not less safe in any way.
