-
- Er mo, I know exactly what I'm talking about and it would appear that you are the confused person here.
Since when is a brute force attack an exploit? What is the total key extent of AES 256-bit? Don't you think that the NSA and such like not only have ever single possible key in a database, but also have a very sophisticated algorithm for testing the keys in a probability priority cascade on machines that can perform billions of test per second.
As for citations, what evidence do you have that there is no backdoor? I suggest to search algorithm based based analysis attacks carried out by the industry and you will soon see that the backdoor was discovered several years ago by sone of the best brains in cryptography.
Next time don't ask me to cite. Do your own research. I don't even know if you are capable of understanding the evidence so why would I cite it. After all you think I get confused between AES and SSL where one us a standard and the other is a protocol. Duh!
Posted via CB10
Since 256 is 2128 times more complex...then it makes sense that it won't take 2.5 hours for a brute-force attack to crack.
Also, lack of disproving evidence doesn't mean that something exists. Just because you can't find proof that I specifically don't have 17 stomachs, doesn't mean that I do.
Also, an Algortihm-based analysis attack IS NOT BRUTE FORCE...
Anyway, WAY off topic...OpenVPN is more convenient that having to buy specific hardware for a home VPN. Though you could just use StrongSwan and BB10 works with the IKEv2 VPN options with it. You can find it here: Strongswan VPN and the Playbook | Richard Wall
I haven't been able to find a Windows-Based one that I can setup and run from home that doesn't require me redirecting through third party servers...09-13-13 08:33 PMLike 0 - OmnitechDragon SlayerOpenVPN is more convenient that having to buy specific hardware for a home VPN. Though you could just use StrongSwan and BB10 works with the IKEv2 VPN options with it. You can find it here: Strongswan VPN and the Playbook | Richard Wall
I haven't been able to find a Windows-Based one that I can setup and run from home that doesn't require me redirecting through third party servers...
Perhaps because most security geeks don't run Windoze.
There are various free turnkey *nix things you can install on your existing commodity router that provide IPSEC VPN capability, some of which incorporate S/WAN. Couple of examples:
- Zeroshell
- pfsense
- Zentyal
09-16-13 10:47 PMLike 0 - Some Windoze HowTo's for IPsec among others:
How to Create a VPN Server on Your Windows Computer Without Installing Any Software - Not supported by BB10
Elastichosts | Tutorials | Windows L2TP/IPsec VPN Server - Not supported by BB10
Five Best VPN Tools - Not supported by BB10
How (and why) to set up a VPN today | PCWorld - Not supported by BB10
I'm not claiming to be some sort of "security geek"...I'm actually an MS Tech specializing in Server Solutions. Though I'm not feeling up to setting up a Linux/Unix IKEv2 server at home (Especially since my home server mobo just died), NOR an MS RRAS IKEv2 server (Though the eval license would mean I need to reinstall every 6 months).
I'm actually surprised that there aren't any IKEv2 free Windows apps for this...though I understand why, I suppose.
Maybe when my mobo is fixed, I will run Win Blue with a FreeBSD VM with StrongSwan...that would work.09-17-13 04:10 AMLike 0 -
- I think they've heard us, but let's wait for confirmation from multiple sources. I'm just hoping we won't have to wait until Live next year...09-17-13 09:19 AMLike 0
- OmnitechDragon Slayer
Actually I thought some of those things were something they are not, turns out some of them are client-only and some of them only support L2TP. My bad.
Personally what I would do is buy a used Netscreen or Sonicwall firewall from ebay for $50 and use its built-in IPsec VPN facility.
Way better security than most of the toys sold for home networks these days (assuming a relatively modern OS is on there), though the older models have limited throughput which could be an issue if you expect 25mbps VPN performance or something. (Not that that would likely be possible on most modern home routers either, in practice.)09-17-13 12:16 PMLike 0 - Actually I thought some of those things were something they are not, turns out some of them are client-only and some of them only support L2TP. My bad.
Personally what I would do is buy a used Netscreen or Sonicwall firewall from ebay for $50 and use its built-in IPsec VPN facility.
Way better security than most of the toys sold for home networks these days (assuming a relatively modern OS is on there), though the older models have limited throughput which could be an issue if you expect 25mbps VPN performance or something. (Not that that would likely be possible on most modern home routers either, in practice.)
Unfortunately your advice doesn't solve the growing problem where people have to connect with campus VPS servers that provide PPTP and L2TP (for mobiles) and OpenVPN.
I guess BlackBerry has to decide where in the market they stand. If they are still only interested in supporting big corporate users who will have access to IPSec servers then we will never see OpenVPN. But if they are also after the SoHo and consumer markets then they pretty much have to do something, even if that is only providing the tools for someone else to build an OpenVPN application.09-17-13 12:56 PMLike 0 - OmnitechDragon SlayerUnfortunately your advice doesn't solve the growing problem where people have to connect with campus VPS servers that provide PPTP and L2TP (for mobiles) and OpenVPN.
I guess BlackBerry has to decide where in the market they stand. If they are still only interested in supporting big corporate users who will have access to IPSec servers then we will never see OpenVPN. But if they are also after the SoHo and consumer markets then they pretty much have to do something, even if that is only providing the tools for someone else to build an OpenVPN application.
Correct me if I'm wrong here, but AFAIK NONE of the competing smartphone platforms have native OpenVPN support either.
Sure, there are apps for those platforms that do that, but there could be OpenVPN apps for BB10 most likely too. It's no more BlackBerry's fault for that than it is Microsoft or Apple or Google's fault that they don't bother to bake OpenVPN support into their OS natively either.09-17-13 01:25 PMLike 0 -
OpenVPN Connect is the official full-featured Android VPN client for the OpenVPN Access Server, Private Tunnel and OpenVPN Community, developed by OpenVPN Technologies, Inc.
Features:
* Supports Ice Cream Sandwich, Jelly Bean and higher. Does NOT require a rooted device.
* Easily import .ovpn profiles from SD card, OpenVPN Access Server, Private Tunnel or via a browser link.
* Improved power management - preferences setting allows VPN to pause in a low-power state whenever screen is blanked or network is unavailable.
* Android Keychain integration - OpenVPN profiles may reference a cert/key pair in the Android keychain.
*Supports hardware-backed keystores (such as on the Nexus 7)
*Support for multi-factor authentication using OpenVPN static and dynamic challenge/response protocols.
*Full IPv6 support (at both the tunnel and transport layer)09-17-13 01:30 PMLike 0 - OmnitechDragon Slayerhttps://play.google.com/store/apps/d...penvpn.openvpn
OpenVPN Connect is the official full-featured Android VPN client for the OpenVPN Access Server, Private Tunnel and OpenVPN Community, developed by OpenVPN Technologies, Inc.
Features:
* Supports Ice Cream Sandwich, Jelly Bean and higher. Does NOT require a rooted device.
* Easily import .ovpn profiles from SD card, OpenVPN Access Server, Private Tunnel or via a browser link.
* Improved power management - preferences setting allows VPN to pause in a low-power state whenever screen is blanked or network is unavailable.
* Android Keychain integration - OpenVPN profiles may reference a cert/key pair in the Android keychain.
*Supports hardware-backed keystores (such as on the Nexus 7)
*Support for multi-factor authentication using OpenVPN static and dynamic challenge/response protocols.
*Full IPv6 support (at both the tunnel and transport layer)
That is "official" in the sense it is written by the people who wrote OpenVPN. It is not "official" or "native" as in written by and officially supported by Google as part of the Android OS.09-17-13 01:57 PMLike 0 -
Anyway, Google did what it had to do, it provides a base class for apps to build their own VPN solutions (since API level 14).
The first thing to do would be to ask BlackBerry why they don't offer an API, but I guess they don't trust devs when it comes to security.09-17-13 02:04 PMLike 0 - OmnitechDragon Slayer
Tbh I can easily understand such a stance. Why should they trust some unknown entity to place deep hooks into the OS's networking functionality as a way of selling a "security" solution that may turn out to be full of holes, vulnerabilities or exploits? Unlike most of their competition, Blackberry could suffer a lot more reputational damage for allowing that to happen.
No one even expects Android to be a secure OS.
Though I don't see why Blackberry doesn't just stipulate that in order for organizations using the devices to maintain an approved level of security, they cannot employ 3rd-party VPNs on the device. They have made compromises like that for BB10 all over the place, and often for a far more fuzzy potential payoff.09-17-13 02:19 PMLike 0 - Though I don't see why Blackberry doesn't just stipulate that in order for organizations using the devices to maintain an approved level of security, they cannot employ 3rd-party VPNs on the device. They have made compromises like that for BB10 all over the place, and often for a far more fuzzy potential payoff.
They could provide /dev/tun and let OpenVPN add everything else in an app.Blomsternisse likes this.09-17-13 02:30 PMLike 1 - OmnitechDragon Slayer
Then of course the question would be whether the OpenVPN people would consider the effort of writing such an app worthwhile, considering the small userbase.
I thought perhaps Firefox OS would have OpenVPN support built-in, but it appears that it doesn't have any VPN support yet.
Same for Tizen, though apparently there may be a 3rd-party OpenVPN client available.
So other than perhaps a future Ubuntu for Smartphones release, I think that pretty much wraps up all the significant smartphone platforms in terms of native OpenVPN support.09-17-13 02:52 PMLike 0 - Actually I thought some of those things were something they are not, turns out some of them are client-only and some of them only support L2TP. My bad.
Personally what I would do is buy a used Netscreen or Sonicwall firewall from ebay for $50 and use its built-in IPsec VPN facility.
Way better security than most of the toys sold for home networks these days (assuming a relatively modern OS is on there), though the older models have limited throughput which could be an issue if you expect 25mbps VPN performance or something. (Not that that would likely be possible on most modern home routers either, in practice.)
Anyway, 25mbps in South Africa? HA! A while away for people who aren't in Sandton.
Meh, until my mobo is fixed and can build a FreeBSD box with Strongswan, it looks like no VPN for me. :-P
Mmmm...CB10! Just the tip though...09-17-13 06:53 PMLike 0 -
Actually gonna do it under VMWare Workstation. Perks of being a VMWare engineer!
Haha, you know the Internet isn't MORE dangerous here? Just a lot more expensive. :-P
Mmmm...CB10! Just the tip though...09-17-13 07:18 PMLike 0 - OmnitechDragon Slayer
Hold on a sec - weren't you complaining that there weren't any free IKEv2 servers for Windows? If you're already running Windows why not just run VirtualBox on it? RAM limitation?
Speaking of VMware perks, do they have some sort of professional trial program like MS Technet? I called someone at the headquarters about that but have to followup with them because I never got a straight answer. The free ESXi has a lot of showstopper limitations, like all the backup/remote command-line APIs/functions removed.09-17-13 07:28 PMLike 0 - Hold on a sec - weren't you complaining that there weren't any free IKEv2 servers for Windows? If you're already running Windows why not just run VirtualBox on it? RAM limitation?
Speaking of VMware perks, do they have some sort of professional trial program like MS Technet? I called someone at the headquarters about that but have to followup with them because I never got a straight answer. The free ESXi has a lot of showstopper limitations, like all the backup/remote command-line APIs/functions removed.
VMWare do offer evaluation keys if you want to setup your own host but unless you have impressive hardware and are planning on nesting the VMs, it requires more PCs than I have. :-P
As far as I know, the Eval keys have full functionality...I don't remember seeing any limitations but I only ever used the Eval keys to mess around with ay home where I didn't even get around to those things you listed.
I originally complained that there were no free IKEv2 VPN systems for Windows and then a couple days later, my motherboard died...so now that I'm being forced to get a more powerful PC, I'm just going to run a FreeBSD VM (though I still want an IKEv2 windows system. ).
Mmmm...CB10! Just the tip though...09-17-13 07:52 PMLike 0 - OmnitechDragon SlayerVMWare do offer evaluation keys if you want to setup your own host but unless you have impressive hardware and are planning on nesting the VMs, it requires more PCs than I have. :-P
As far as I know, the Eval keys have full functionality...I don't remember seeing any limitations but I only ever used the Eval keys to mess around with ay home where I didn't even get around to those things you listed.
I don't really do much with VMware except on servers, so at this point it would be on various permutations of multi-core Xeon servers, anywhere from 2 dual-core CPU boxes to 2 quad-core CPU boxes.
The problem with the free ESXi is that a lot of the functionality to support backup and things like UPS signalling are missing in the free versions, and running VMs without backup or UPS signalling support on boxes that run 24x7 is a really bad idea.
I also have a copy of VMware workstation, but the original thing I wanted to use it for didn't work. (An XP VM of my old laptop image running under VMW on my new laptop - XP wouldn't run because that Thinkpad version of XP was "BIOS-locked" to the old Thinkpad and won't run under VMware workstation. I've seen workarounds for this with VirtualBox - ie some sort of BIOS spoofing - but nothing for VMW. And I haven't gotten around to playing with the OS to make it work, ie by doing a "repair install" or somesuch, but not holding my breath on that either.)09-17-13 08:12 PMLike 0 - I don't really do much with VMware except on servers, so at this point it would be on various permutations of multi-core Xeon servers, anywhere from 2 dual-core CPU boxes to 2 quad-core CPU boxes.
The problem with the free ESXi is that a lot of the functionality to support backup and things like UPS signalling are missing in the free versions, and running VMs without backup or UPS signalling support on boxes that run 24x7 is a really bad idea.
I also have a copy of VMware workstation, but the original thing I wanted to use it for didn't work. (An XP VM of my old laptop image running under VMW on my new laptop - XP wouldn't run because that Thinkpad version of XP was "BIOS-locked" to the old Thinkpad and won't run under VMware workstation. I've seen workarounds for this with VirtualBox - ie some sort of BIOS spoofing - but nothing for VMW. And I haven't gotten around to playing with the OS to make it work, ie by doing a "repair install" or somesuch, but not holding my breath on that either.)
Pity you didn't run "Sysprep /generalise" on that old XP machine before slapping it in a VM. Though there might be a way to still do that...I've never needed to mess around with A post-transfer Sysprep.
We are, however getting VERY sidetracked from the thread topic. :-P
Mmmm...CB10! Just the tip though...09-17-13 08:25 PMLike 0 - OmnitechDragon SlayerLooks like the leaked version of 10.2.1 has limited OpenVPN support.
http://forums.crackberry.com/bb10-le...a100-x-856794/
Quoting:
"OpenVPN makes an appearance (No UI)"Blomsternisse likes this.10-03-13 04:57 PMLike 1
- Forum
- BlackBerry 10 Phones & OS
- BlackBerry 10 OS
If You Want OpenVPN Support on BB10
Similar Threads
-
It is up to you to share that the BB10 is out in the U.S Must if you want more apps and Support.
By J2d2 in forum BlackBerry Z10Replies: 0Last Post: 03-23-13, 01:25 PM -
If you want new BB phones on Verizon Wireless
By padamssm in forum General Carrier DiscussionReplies: 10Last Post: 08-04-11, 03:14 PM -
If you want bbm 6 on your phone...
By jmercier34 in forum BlackBerry OS AppsReplies: 1Last Post: 03-07-11, 12:05 AM -
If you want bbm 6 on your phone...
By jmercier34 in forum General BlackBerry News, Discussion & RumorsReplies: 1Last Post: 03-07-11, 12:05 AM -
If you want a 9100, live in the US and are on TMO read this
By kurtla in forum BlackBerry Pearl SeriesReplies: 85Last Post: 10-10-10, 09:59 PM
LINK TO POST COPIED TO CLIPBOARD