How safe to change default SHA1 to other encryption algorithm?
-
Hello,
When setupping OpenVPN server, I encounter Auth Digest Algorithm, which default encryption algorithm is SHA1 (160-bit). I would like to know, is it safe to change SHA1 to another algorithm like RSA-SHA256 (256-bit) or leave it as it is?
-
SHA1 is potentially already unsafe and you probably should be using SHA256 instead:
https://blog.qualys.com/ssllabs/2014/09/09/sha1-deprecation-what-you-need-to-know
-
the catch is that things don't work properly if both ends aren't configured to use the same algorithm–which can be a pain depending on how many clients and servers are involved. my own inclination would be to skip the change to sha256 and get everyone on 2.4 and AES-128-GCM instead, if possible (no SHA needed).
-
It's completely safe so long as both sides support the same authentication digest algorithm (it's not an encryption algorithm). Use whatever you want so long as it matches on the server and all clients. If it's an RA setup you would have to export new configurations or manually edit client configurations. For a new RA setup, the client will get it when exported.
VAMike: AES-GCM is preferable but requires OpenVPN 2.4 which isn't available on pfSense 2.3.3. It still uses an auth digest algo for the control channel, so it's important to pick a strong one like SHA256 or better even then.
-
Thank you very much for your replies. Now I know it is better to choose another one than SHA1. But I see that there are two types of SHA256 here: RSA-SHA256 and SHA256. Is RSA-SHA256 more stronger than SHA256? And one more question about Hardware Crypto. Do I have to choose one of the options in combobox or leave it as "No Hardware Crypto Acceleration?
-
I think that is just quirk in how openvpn lists stuff
http://security.stackexchange.com/questions/91908/using-rsa-sha-as-instead-hmac-in-openvpn
In other words, you see some "alternate names" with some RSA or ECDSA but that's just a consequence of how OpenSSL names things, and if you use these names you just obtain the underlying hash function (to be used in HMAC) and nothing more. Thus, –auth SHA1 and --auth RSA-SHA1 are completely equivalent.
-
VAMike: AES-GCM is preferable but requires OpenVPN 2.4 which isn't available on pfSense 2.3.3. It still uses an auth digest algo for the control channel, so it's important to pick a strong one like SHA256 or better even then.
I'm aware of that. My point was that if it takes a bunch of work to change client & server configurations, it makes sense to just put it off until it's possible to upgrade to 2.4 and switch to GCM. There is no real pressing need to change anything right now. If starting from scratch using SHA256 is fine.
-
I think that is just quirk in how openvpn lists stuff
http://security.stackexchange.com/questions/91908/using-rsa-sha-as-instead-hmac-in-openvpn
In other words, you see some "alternate names" with some RSA or ECDSA but that's just a consequence of how OpenSSL names things, and if you use these names you just obtain the underlying hash function (to be used in HMAC) and nothing more. Thus, –auth SHA1 and --auth RSA-SHA1 are completely equivalent.
I don't have any source material to cite now but as far as I remember SHA1 (or any such hash function) alone isn't a MAC, there has to be an encryption involved to make it a MAC that can resist the usual attacks that are used against MACs. What OpenVPN does is just to spell out that in the RSA-SHA* stuff but also keeps the older names for compatibility.
-
But I see that there are two types of SHA256 here: RSA-SHA256 and SHA256.
They are the same.
http://security.stackexchange.com/questions/91908/using-rsa-sha-as-instead-hmac-in-openvpn