12 votesunder review · 1 comment · Service Improvement » VPN Service · Flag idea as inappropriate… · Admin →
An error occurred while saving the commentPeter commented
Even the severely compromised MD5 algorithm can be used for HMAC, and no practical attacks against HMAC have been demonstrated. SHA2 is already supported by OpenVPN for HMAC, but the performance hit is enormous. Using SHA-256 or SHA-512 for HMAC on a low-end device like a smartphone, tablet, or consumer level router with a weak CPU causes the device to be unable to perform renegotiation within 60 seconds when the ephemeral keys expire. This causes clients to be dropped every time renegotiation takes place. SHA1 HMAC is still absolutely safe, and because SHA2 HMAC creates problems, many OpenVPN based providers will continue to opt for SHA1 HMAC, and are not wrong for doing so. You are not less safe in any way.