OmagicQ
Posting in a thread near you

join:2003-10-23
Bakersfield, CA
kudos:1

1 edit

Recommended password length for openvpn?

Does anyone know what the recommended length or max length for a password for an OpenVPN-based VPN is? I have been using a 32 character password, but is that secure enough? Thanks.

Edit: is this secure enough or should I mix cases and add numbers?
yowutmydoghasfleaslolohnoesrofl

--
...Who, What, When, Where, How... Why? Why Not?

HELLFIRE
Premium
join:2009-11-25
kudos:18
ANY password should follow the basic password rules, i.e.:

a) sufficient length
b) sufficient complexity
c) changed / rotated on a regular basis
d) NEVER shared out to unauthorized parties under ANY circumstances, even accidentally.

[/end discussion]

Regards


Packeteers
Premium
join:2005-06-18
Forest Hills, NY
kudos:1

4 edits
reply to OmagicQ
A password does not matter with OpenVPN as long as your client side is not physically accessible by anyone else. The OpenVPN client itself authenticates with both a master and individual certificate, passes unique keys, and encrypts based on config files or definitions your VPN service will provide, so the password you use only activates the login script, nothing more. I don't use a login name and password at all because I OpenVPN on a home computer I alone can access, and I'm on/off my VPN so often that I don't want to be bothered with yet another login request. Besides, even if some robber broke into my home and used my PC and VPN, what would the added insult of using my VPN really matter in the scheme of things? The point is the login password itself does not add any more protection to the VPN tunnel integrity, only whether a user sitting on your PC can activate the tunnel or not.

At work, where I use a pair of SonicWall boxes to hardware VPN a branch to a home office, I don't use passwords to activate that tunnel either, since it's impossible to form a tunnel anywhere else without those 2 boxes, which are configured with insanely long mixed case alphanumeric certificates (255) and keys (2023) that even DARPA cannot crack or even deep packet inspect.

Even if a person on another computer got your name and password, and knew and configured his PC with the same config files the VPN provider gives by default when you sign up, he still could not log in and use the service on your account because the VPN provider has a record of what certificates and keys it shares with each account, so your username/password would not match up, thus your login information would be worthless to anyone else. This is why when you sign up with a VPN provider you need to notify him if you are using the same account on two or more devices, since they must make allowances for that level of flexibility. So far the VPN providers I've seen will market by either one or up to three different devices per account.
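
Added example, not part of any post in this thread: a small Python checker that reports which credentials an OpenVPN client config actually relies on (CA, client certificate and key, username/password, TLS control-channel key), which is what decides how much the login password matters for a given setup. The directive names are real OpenVPN options that the thread itself does not quote; the sample config, host name and file names are constructed.

```python
import re
# Real OpenVPN client directives, grouped by the credential they supply.
FACTORS = {
    "ca_certificate": {"ca", "pkcs12"},
    "client_certificate": {"cert", "pkcs12"},
    "client_private_key": {"key", "pkcs12"},
    "username_password": {"auth-user-pass"},
    "tls_control_channel_key": {"tls-auth", "tls-crypt"},
}

def parse_directives(text):
    """Return directive names used in a config, including inline <tag> blocks."""
    found, inline = set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                       # skip key material inside <tag>...</tag>
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":  # blank lines and comments
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            inline = m.group(1)
            found.add(inline)
        else:
            found.add(line.split()[0])
    return found

def audit(text):
    used = parse_directives(text)
    report = {name: bool(used & opts) for name, opts in FACTORS.items()}
    # auth-user-pass with a file argument means the password is stored on disk.
    report["password_stored_in_file"] = any(
        len(l.split()) > 1 and l.split()[0] == "auth-user-pass"
        for l in text.splitlines())
    return report

# Constructed sample client config (hypothetical host and file names).
SAMPLE = """\
client
remote vpn.example.net 1194
ca ca.crt
<cert>
(constructed placeholder for an inline certificate)
</cert>
key client.key
auth-user-pass
"""
```

Calling `audit(SAMPLE)` returns a dict of booleans; a config where only `username_password` is true depends entirely on the password, while one with a client certificate and key has a second factor that lives on the machine.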

OmagicQ
Posting in a thread near you

join:2003-10-23
Bakersfield, CA
kudos:1
Ok, I wasn't aware that's how OpenVPN is set up. Beats PPTP by a mile.
--
...Who, What, When, Where, How... Why? Why Not?