Secure VPN. How?

xc1024 · 2010-11-20 00:24:29

Hi everyone. I would like to create a secure VPN. Secure as in "hard to break". I was thinking of L2TP encapsulated within IPSec which would be authenticated and encrypted using one time pad. However, online I could only find tutorials concerning one time pad authentication, nothing about encryption. I have two questions.

1. Would you advise me to use something else instead? SSH tunneling perhaps?
2. If someone knows similar setup, could they share the details?
3. Do you consider one time pad of about 12 characters as strong enough?

BTW, it would be really cool if it supported Android.

Last edited by xc1024 (2010-11-20 00:27:15)

Votan · 2010-11-20 01:02:23

I've build an Internet gateway tunneling vpn thru SSH using OpenVPN, you can use 2048bit keys, should be ok

xc1024 · 2010-11-20 10:08:18

IMHO, the objective is not to have the setup that can't possibly be broken. The objective is to have a setup that fails gracefully. That's why I wanted to use OTP encryption. If one key gets broken, the rest is still safe. I'm looking for something that would work on this principle.

Note: the setup would run on fairly modern machines, therefore performance is not the key issue. If I had to choose between security and performance, I'd definitely pick security.

Last edited by xc1024 (2010-11-20 10:12:35)

sultanoswing · 2010-11-20 11:01:21

What's wrong with openVPN? Does everything you're asking and it's opensource. Thousands of people have "similar setups" (although you haven't defined what you want it for, how many machines might connect, what sort of server-clients you'll be running etc.).

xc1024 · 2010-11-20 11:26:15

To clarify: I need a secure connection between two computers. The encryption must be very strong and the key has to have properties of one time pad, eg. the key, if broken, reveals only the part of the communication that was encrypted with it.

cactus · 2010-11-22 21:39:40

If you use openvpn, just use certificates. Authentication is performed with the certificate, and an ephemeral key is negotiation at the time of encryption. You can set a rekey interval to use a new key every interval period (expressible in either in seconds, packets, or bytes).

read: http://openvpn.net/index.php/open-sourc … rview.html for more info

saline · 2010-11-25 09:04:07

xc1024 wrote:

To clarify: I need a secure connection between two computers. The encryption must be very strong and the key has to have properties of one time pad, eg. the key, if broken, reveals only the part of the communication that was encrypted with it.

The only encryption that has the properties of a OTP is OTP. You'd need a new pad for every communication and the pad would have to be at least as big as all the data you want to communicate. Exactly how will you be getting a copy of the pad to the other computer?

Arch Linux

#1 2010-11-20 00:24:29

Secure VPN. How?

#2 2010-11-20 01:02:23

Re: Secure VPN. How?

#3 2010-11-20 10:08:18

Re: Secure VPN. How?

#4 2010-11-20 11:01:21

Re: Secure VPN. How?

#5 2010-11-20 11:26:15

Re: Secure VPN. How?

#6 2010-11-22 21:39:40

Re: Secure VPN. How?

#7 2010-11-25 09:04:07

Re: Secure VPN. How?

Board footer