LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-19-2010, 04:08 PM   #1
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Rep: Reputation: 57
Is this stronger than AES-256?


These people offer a free VPN that claims "2048-bit military strength".

http://webcache.googleusercontent.co...ient=firefox-a

But last time I looked AES-256 was the strongest available to us non-military users. So what is it they're offering, illegal encryption? Or is it just misleading marketing and it's weaker than AES-256?
 
Old 06-19-2010, 06:15 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by Ulysses_ View Post
These people offer a free VPN that claims "2048-bit military strength".

http://webcache.googleusercontent.co...ient=firefox-a

But last time I looked AES-256 was the strongest available to us non-military users. So what is it they're offering, illegal encryption? Or is it just misleading marketing and it's weaker than AES-256?
If it's a 2048-bit symmetric key, then yes, the key length is 8 times greater, resulting in an enormous boost to the key space (2^256 vs. 2^2048). I have a feeling they're referring to an asymmetric key, however of course, I'm not sure. If that were indeed the case, though, keep in mind that a 2048-bit asymmetric key is about as strong as a 112-bit symmetric key according to NIST. Have you considered contacting proXPN to ask them for clarification with regards to what exactly they're offering? I glanced at their site but couldn't find any details.

As a side note, Bruce Schneier wrote a pretty neat article explaining why ridiculously long keys don't actually increase security the way most people imagine. You might also want to check out his article about cryptographic snake oil (especially warning sign #5).

Last edited by win32sux; 06-19-2010 at 06:18 PM.
 
Old 06-20-2010, 05:10 AM   #3
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897Reputation: 897Reputation: 897Reputation: 897Reputation: 897Reputation: 897Reputation: 897
Quote:
Originally Posted by Ulysses_ View Post
These people offer a free VPN that claims "2048-bit military strength".

http://webcache.googleusercontent.co...ient=firefox-a

But last time I looked AES-256 was the strongest available to us non-military users. So what is it they're offering, illegal encryption? Or is it just misleading marketing and it's weaker than AES-256?
I couldn't see the word 'military' anywhere on the page quoted; what they say is 'by creating a 2,048-bit encrypted connection...'. Perhaps as well, given Mr Schneier's comments in the links above (brilliant links, btw, people should be forced to read them).

There doesn't seem to be much of anything in their help centre; perhaps understandable if this is a very new start-up, otherwise a worrying sign.
 
Old 06-20-2010, 01:19 PM   #4
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Good post win32sux. And great links alright.

So if we can't trust this vpn provider for offering what they say, then we can't trust them for keeping our communications private, or anonymoys. However, I have an idea:

What if you connect to the vpn, share the connection to another computer B in your lan (internet connection sharing), and then on computer B you set up a connection to another vpn from another provider, that you then share this connection (using internet connection sharing) to another computer C, and repeat? In other words:

a vpn inside a vpn inside a vpn ...

which is NOT vpn chaining.

Then an adversary would have to force ALL vpn providers involved to reveal decrypted data in order to break your privacy. And if just one vpn is in a hostile jurisdiction, the adversary gets stuck there.
 
Old 06-20-2010, 01:28 PM   #5
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Quote:
Originally Posted by salasi View Post
I couldn't see the word 'military' anywhere on the page quoted;
They've deleted 'military' from everywhere in their site now that their beta stage is over, here's an original page before they deleted 'military':

http://webcache.googleusercontent.co...://proxpn.com/

"Secures your internet with 2048-bit military-grade VPN encryption, for free"

Last edited by Ulysses_; 06-20-2010 at 01:29 PM.
 
Old 06-20-2010, 02:52 PM   #6
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by Ulysses_ View Post
Good post win32sux. And great links alright.

So if we can't trust this vpn provider for offering what they say, then we can't trust them for keeping our communications private, or anonymoys. However, I have an idea:

What if you connect to the vpn, share the connection to another computer B in your lan (internet connection sharing), and then on computer B you set up a connection to another vpn from another provider, that you then share this connection (using internet connection sharing) to another computer C, and repeat? In other words:

a vpn inside a vpn inside a vpn ...

which is NOT vpn chaining.

Then an adversary would have to force ALL vpn providers involved to reveal decrypted data in order to break your privacy. And if just one vpn is in a hostile jurisdiction, the adversary gets stuck there.
Wow! Might as well just use Tor then.
 
Old 06-20-2010, 03:04 PM   #7
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Tor is too slow.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Thumbernails bigger than 256 x 256? yooy Linux - Software 3 06-09-2010 01:24 AM
Laptop stronger than desktop wireless nathanhillinbl Linux - Wireless Networking 5 12-10-2007 09:47 PM
LXer: OLPC: Fading or stronger than ever? LXer Syndicated Linux News 0 04-28-2007 06:31 PM
using aes-i586 instead of just aes whysyn Linux - Security 0 03-07-2007 03:47 PM
What R the requirements of aes-256 encrypted loopback device? zahoo Linux - Software 1 06-14-2005 08:47 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration