OpenVPN uses an RSA handshake to secure the communication when a VPN connection is created. Learn why it is important to know the type of OpenVPN RSA handshake key used by your VPN provider.
What is the RSA handshake?
RSA is a public-key encryption system (a cryptosystem) used to secure data transmission. In such a system, the encryption key is public and the decryption key is kept secret (private).
A user of RSA creates and publishes the public key. Anyone can use the public key to encrypt a message, but the message can be decrypted only by those who have access to the private key.
When an OpenVPN connection is created, the negotiation between the server and the client is done using SSL implemented with the RSA handshake keys. This handshake occurs at the very beginning of an OpenVPN session.
RSA-1024 cracked, RSA-2048 considered safe
The length of the keys (1024-bit, 2048-bit, 4096-bit) is important because it determines the level of security. However, it may also slow down the connection speed: the larger the key, the slower the connection.
It was demonstrated that the 1024-bit RSA handshake key can be cracked, and it probably has been cracked by various organisations (the NSA and the like). After the demonstration was published, most providers in the security industry upgraded their RSA handshake keys to RSA-2048 or RSA-4096, which are considered secure.
RSA keys and the VPN providers. Why are they important?
RSA-2048 is considered the minimum standard for commercial VPN providers.
If a VPN provider uses RSA-1024, then the communication between your computer/device and the VPN server may be compromised. It is not something you want!
Important! You should check the length of the OpenVPN RSA handshake key of your current VPN provider, or of a new provider before you subscribe.
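One way to run this check, as an added example that is not the author's code: Python (standard library only) that reads the RSA modulus size of every certificate embedded in an .ovpn profile and flags anything under the 2048-bit minimum. The profile carries the CA certificate and optionally a client certificate, while the server's own certificate is presented during the handshake, so this covers only what the profile ships. The sample certificates are constructed, unsigned skeletons with placeholder moduli, and `vpn.example.com` and all function names are hypothetical.

```python
import base64, re
RSA_OID = bytes.fromhex("2a864886f70d010101")    # rsaEncryption, 1.2.840.113549.1.1.1

def tlv(buf, pos=0):
    """Read one DER element: return (tag, content, offset of the next element)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                 # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def children(content):
    """Split the content of a constructed element into (tag, content) pairs."""
    pos, out = 0, []
    while pos < len(content):
        tag, val, pos = tlv(content, pos)
        out.append((tag, val))
    return out

def rsa_bits(der):
    """RSA modulus size in bits of an X.509 certificate, or None for non-RSA keys."""
    tbs = children(children(tlv(der)[1])[0][1])  # Certificate -> tbsCertificate fields
    if tbs[0][0] == 0xA0:                        # skip the optional [0] version
        tbs = tbs[1:]
    alg, bitstr = children(tbs[5][1])            # subjectPublicKeyInfo
    if children(alg[1])[0][1] != RSA_OID:
        return None
    modulus = children(tlv(bitstr[1], 1)[1])[0][1]   # offset 1 skips the unused-bits byte
    return int.from_bytes(modulus, "big").bit_length()

def audit_profile(text, minimum=2048):
    """(bits, meets_minimum) for every PEM certificate found in an .ovpn profile."""
    pems = re.findall(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", text, re.S)
    sizes = [rsa_bits(base64.b64decode(p)) for p in pems]
    return [(b, b is not None and b >= minimum) for b in sizes]

# --- constructed sample input: unsigned certificate skeletons, placeholder moduli ---
def enc(tag, body):
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

def sample_pem(bits):
    mod = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    key = enc(0x30, enc(0x02, mod) + enc(0x02, b"\x01\x00\x01"))
    spki = enc(0x30, enc(0x30, enc(0x06, RSA_OID) + enc(0x05, b"")) + enc(0x03, b"\x00" + key))
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + enc(0x30, b"") * 4 + spki)
    der = enc(0x30, tbs + enc(0x30, b"") + enc(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"

PROFILE = f"client\nremote vpn.example.com 1194\n<ca>\n{sample_pem(1024)}</ca>\n<cert>\n{sample_pem(2048)}</cert>\n"
```

Calling `audit_profile` on the text of a real profile returns one `(bits, meets_minimum)` pair per embedded certificate; a `None` size means the certificate does not use an RSA key.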
VPN providers & the RSA key length
I have checked the length of the OpenVPN RSA handshake key used by the providers I use regularly and that I keep an eye on. Here are the results:
|VPN Provider|OpenVPN RSA handshake key|
What do you think?
What do you think of the RSA key? Is it important?
Do you look at the length of the RSA key when you choose your VPN provider? What VPN do you use?
Let us know your thoughts in the comments below.