[Chugalug] VPN suggestions

wes wes at the-wes.com
Sat Sep 7 01:44:09 UTC 2013


conceptually, you could think of a certificate as sort of a
kajillion-character-long password.

additionally, both sides don't have the same cert/password: they each get a
mutually compatible one. these are called the "public key" and the "private
key".

example:

abcdefghijklm -> encrypted via private key -> @!#%$@#%^%$*&
abcdefghijklm -> encrypted via public key -> &*)^&*$%^@$#$

@!#%$@#%^%$*& -> decrypted via public key -> abcdefghijklm
@!#%$@#%^%$*& -> decrypted via wrong key -> ^$%#$%@#$@$^%

point being, data encrypted by one key can only be decrypted by the other
key, not even by the same key it was originally encrypted with.

a "certificate" is a key (public or private) which also contains extra info
about the who/what/when/where/why of the situation. this is used to ensure
that the proper keys are being used.

-wes


On Fri, Sep 6, 2013 at 6:20 PM, Rod <rod-lists at epbfi.com> wrote:

> What is the difference between a cert and a PSK?
>
>
> On Fri, 06 Sep 2013 00:29:25 -0400, Mike Robinson <miker at sundialservices.com> wrote:
>
>> "++" for OpenVPN (and TunnelBlick on a Mac).
>>
>> These packages work extremely well, and are very easy to set up ...
>> provided that you always keep firmly in mind the fact that VPN is designed
>> to tell "Eve" absolutely Nothing.  Until you get things set up just-right,
>> VPN by design will basically give you =no= clues as to what's wrong.  Pay
>> very, very close attention to details (as VPN itself does).  For instance,
>> one client had a devil of a time with a certificate, until we noticed that
>> the state-name was "VA" in one place, and "Va" in another.  That was the
>> difference that made all the difference.  Heh.  And the message?  Something
>> about "self-signed certificate in chain."  Heh.  Welcome to the world of
>> VPN error-messages.
>>
>> Be sure to secure the link with certificates, not passwords (a.k.a.
>> "pre-shared keys" or PSKs).
>>
>> VPN definitely trumps SSH in my opinion because "providing a secure
>> tunnel" is what VPN was foremost designed to do.  "It's just there, and
>> by-the-by it's secure."  The fact that it's supported by many off-the-shelf
>> routers is an added bonus.
>>
>
>
>
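
Added example, not part of the original message: the key-pair behaviour described in the reply above, carried through with textbook RSA, plus a toy "certificate" in which a signer's private key covers both the public key and the identity fields. The primes, the field names (CN, ST), the sample values and all function names are assumptions made for illustration; the parameters are toy values and provide no security.

```python
# Added illustration: textbook RSA on well-known Mersenne primes. Toy values, NOT secure.
import hashlib
import json

def make_keypair(p, q, e=65537):
    """Return (public, private); each key is an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def apply_key(key, value):
    """Encrypting and decrypting are the same operation: value ** exponent mod n."""
    exponent, n = key
    return pow(value, exponent, n)

def digest(fields, subject_public):
    """Hash the identity fields together with the public key they describe."""
    blob = json.dumps([fields, subject_public], sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def issue_cert(signer_private, fields, subject_public):
    """Toy certificate: public key + identity info + the signer's signature."""
    sig = apply_key(signer_private, digest(fields, subject_public))
    return {"fields": fields, "public": subject_public, "sig": sig}

def verify_cert(signer_public, cert):
    """Anyone holding the signer's public key can check the binding."""
    expected = digest(cert["fields"], cert["public"])
    return apply_key(signer_public, cert["sig"]) == expected

# Constructed sample keys and data (hypothetical values).
PUB, PRIV = make_keypair(2**127 - 1, 2**521 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**89 - 1, 2**607 - 1)
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**107 - 1, 2**521 - 1)
MESSAGE = int.from_bytes(b"abcdefghijklm", "big")

def demo():
    by_priv = apply_key(PRIV, MESSAGE)   # "encrypted via private key"
    by_pub = apply_key(PUB, MESSAGE)     # "encrypted via public key"
    cert = issue_cert(SIGNER_PRIV, {"CN": "vpn-client-1", "ST": "VA"}, PUB)
    altered = dict(cert, fields={"CN": "vpn-client-1", "ST": "Va"})
    return {
        "priv_then_pub": apply_key(PUB, by_priv),        # other key of the pair
        "pub_then_priv": apply_key(PRIV, by_pub),        # works in both directions
        "same_key": apply_key(PRIV, by_priv),            # same key again: garbage
        "wrong_key": apply_key(OTHER_PUB, by_priv),      # unrelated key: garbage
        "cert_ok": verify_cert(SIGNER_PUB, cert),
        "altered_ok": verify_cert(SIGNER_PUB, altered),  # one-letter case change
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value if isinstance(value, bool) else value == MESSAGE)
```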