Discussion:
[Openvpn-users] Is it safe to disable packet authentication (auth) with GCM ciphers?
Karol Babioch
2017-01-31 20:53:09 UTC
Hi,

since OpenVPN 2.4 supports GCM ciphers I'm wondering whether it is safe
to disable packet authentication (--auth) entirely. To my understanding
GCM ciphers provide encryption as well as authentication.

Are there any arguments to keep it enabled anyway? What arguments can be
made for or against it? Obviously it adds some overhead, so performance
is probably a little bit worse with explicit packet authentication. Are
there any other things to consider?

Best regards,
Karol Babioch
Steffan Karger
2017-01-31 21:31:32 UTC
Hi,
Post by Karol Babioch
since OpenVPN 2.4 supports GCM ciphers I'm wondering whether it is safe
to disable packet authentication (--auth) entirely. To my understanding
GCM ciphers provide encryption as well as authentication.
Are there any arguments to keep it enabled anyway? What arguments can be
made for or against it? Obviously it adds some overhead, so performance
is probably a little bit worse with explicit packet authentication. Are
there any other things to consider?
The --auth parameter is ignored for the data channel crypto when using
GCM ciphers, so it won't make any difference there. It is however
still used to determine the --tls-auth HMAC digest.

-Steffan
Dreetjeh D
2017-02-02 09:56:17 UTC
Hello,
Post by Steffan Karger
Hi,
<.....>
The --auth parameter is ..... still used to determine the --tls-auth HMAC digest.
-Steffan
I guess in case of --tls-crypt, --auth is not needed/doing anything?


Thanks, Pippin
Steffan Karger
2017-02-02 12:43:15 UTC
Hi,
Post by Dreetjeh D
<.....>
The --auth parameter is ..... still used to determine the --tls-auth HMAC digest.
I guess in case of --tls-crypt, --auth is not needed/doing anything?
Correct. --tls-crypt *always* uses HMAC-SHA256 for authentication, no
matter what you specify as --auth.

-Steffan
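The two rules Steffan gives in this thread (GCM ciphers ignore --auth on the data channel; --tls-auth takes its HMAC digest from --auth while --tls-crypt always uses HMAC-SHA256) can be checked against a config file mechanically. The script below is an added example, not code from the thread or from the OpenVPN project; it assumes a missing cipher line means the legacy default BF-CBC (cipher negotiation is not modelled) and a missing auth line means the default SHA1.

```python
# Added example, not code from the thread or from the OpenVPN project.
# It applies the two rules given in the thread to an OpenVPN config:
#   data channel    - GCM ciphers authenticate themselves, so --auth is ignored;
#                     CBC ciphers still HMAC every packet with the --auth digest
#   control channel - --tls-auth takes its HMAC digest from --auth, while
#                     --tls-crypt always uses HMAC-SHA256 whatever --auth says
# Assumptions: no cipher line means the legacy default BF-CBC (cipher
# negotiation is not modelled); no auth line means the default SHA1.

def parse_config(text):
    """Map each option to its arguments; inline <tag>...</tag> blocks are noted, payload skipped."""
    opts, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                                   # inside an inline block
            if line == "</%s>" % block:
                block = None
            continue
        if not line or line[0] in "#;":             # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            opts[block] = ["<inline>"]
            continue
        parts = line.split()
        opts[parts[0]] = parts[1:]                  # last occurrence wins
    return opts

def auth_effects(text):
    """HMAC digest in use per channel. None = GCM tag instead of an HMAC (data),
    or no tls-auth/tls-crypt wrapping at all (control)."""
    opts = parse_config(text)
    cipher = (opts.get("cipher") or ["BF-CBC"])[0].upper()
    auth = (opts.get("auth") or ["SHA1"])[0].upper()
    result = {"data_channel": None, "control_channel": None}
    if not cipher.endswith("-GCM"):                 # non-AEAD: packet HMAC uses --auth
        result["data_channel"] = auth
    if "tls-crypt" in opts:                         # fixed HMAC-SHA256, --auth ignored
        result["control_channel"] = "SHA256"
    elif "tls-auth" in opts:                        # digest comes from --auth
        result["control_channel"] = auth
    return result

# Constructed sample configs (the inline key below is a placeholder, not a real key).
GCM_TLS_AUTH = "cipher AES-256-GCM\nauth SHA512\ntls-auth ta.key 1\n"
CBC_TLS_CRYPT = ("cipher AES-256-CBC\nauth SHA256\n<tls-crypt>\n"
                 "PLACEHOLDER-KEY-MATERIAL\n</tls-crypt>\n")

if __name__ == "__main__":
    for name, cfg in (("GCM + tls-auth", GCM_TLS_AUTH), ("CBC + tls-crypt", CBC_TLS_CRYPT)):
        print(name, auth_effects(cfg))
```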
Dreetjeh D
2017-02-02 12:56:53 UTC
Post by Steffan Karger
Hi,
Post by Dreetjeh D
<.....>
The --auth parameter is ..... still used to determine the --tls-auth HMAC digest.
I guess in case of --tls-crypt, --auth is not needed/doing anything?
Correct. --tls-crypt *always* uses HMAC-SHA256 for authentication, no
matter what you specify as --auth.
-Steffan
Thank you.

P.S.
Possibly interesting read for whoever understands, ... I don't :)
"Achieving 128-bit Security against Quantum Attacks in OpenVPN"
http://essay.utwente.nl/70677/1/2016-08-09%20MSc%20Thesis%20Simon%20de%20Vries%20final%20color.pdf
Steffan Karger
2017-02-17 14:10:20 UTC
Hi,
Post by Dreetjeh D
Possibly interesting read for whoever understands, ... I don't :)
"Achieving 128-bit Security against Quantum Attacks in OpenVPN"
http://essay.utwente.nl/70677/1/2016-08-09%20MSc%20Thesis%20Simon%20de%20Vries%20final%20color.pdf
Very interesting indeed. Even more, we (Fox-IT, my employer) are
already working together with the author to get this integrated into
OpenVPN-NL, and later also OpenVPN. (But be patient, this will take a
bit of time.)

-Steffan