[Chugalug] VPN suggestions
wes at the-wes.com
Sat Sep 7 01:44:09 UTC 2013
conceptually, you could think of a certificate as sort of a
additionally, both sides don't have the same cert/password: they each get a
mutually compatible one. these are called the "public key" and the "private
abcdefghijklm -> encrypted via private key -> @!#%$@#%^%$*&
abcdefghijklm -> encrypted via public key -> &*)^&*$%^@$#$
@!#%$@#%^%$*& -> decrypted via public key -> abcdefghijklm
@!#%$@#%^%$*& -> decrypted via wrong key -> ^$%#$%@#$@$^%
point being, data encrypted by one key can only be decrypted by the other
key, not even by the same key it was originally encrypted with.
a "certificate" is a key (public or private) which also contains extra info
about the who/what/when/where/why of the situation. this is used to ensure
that the proper keys are being used.
On Fri, Sep 6, 2013 at 6:20 PM, Rod <rod-lists at epbfi.com> wrote:
> What is the difference between a cert and a PSK?
> On Fri, 06 Sep 2013 00:29:25 -0400, Mike Robinson <
> miker at sundialservices.com> wrote:
>> "++" for OpenVPN (and TunnelBlick on a Mac).
>> These packages work extremely well, and are very easy to set up ...
>> provided that you always keep firmly in mind the fact that VPN is designed
>> to tell "Eve" absolutely Nothing. Until you get things set up just-right,
>> VPN by design will basically give you =no= clues as to what's wrong. Pay
>> very, very close attention to details (as VPN itself does). For instance,
>> one client had a devil of a time with a certificate, until we noticed that
>> the state-name was "VA" in one place, and "Va" in another. That was the
>> difference that made all the difference. Heh. And the message? Something
>> about "self-signed certificate in chain." Heh. Welcome to the world of
>> VPN error-messages.
>> Be sure to secure the link with certificates, not passwords (a.k.a.
>> "pre-shared keys" or PSKs).
>> VPN definitely trumps SSH in my opinion because "providing a secure
>> tunnel" is what VPN was foremost designed to do. "It's just there, and
>> by-the-by it's secure." The fact that it's supported by many off-the-shelf
>> routers is an added bonus.
> Using Opera's mail client: http://www.opera.com/mail/
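
The key-pair behaviour sketched in the diagram above, as an added example that is not part of the original post: textbook RSA in Python with tiny constructed primes (61, 53 and 67, 71), insecure by design and meant only to show that what one key of a pair transforms, only the other key of that pair reverses. The names make_keypair, transform and demo are made up for this illustration.

```python
# Textbook RSA with tiny constructed primes: illustration only (no padding,
# trivially breakable). Real VPNs use vetted crypto libraries and large keys.
from math import gcd


def make_keypair(p, q, e=17):
    """Return (public, private) as (exponent, modulus) pairs from primes p, q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (e, n), (d, n)


def transform(key, blocks):
    """Apply one key to each integer block; the same operation serves both directions."""
    exponent, n = key
    if any(not 0 <= b < n for b in blocks):
        raise ValueError("block out of range for this modulus")
    return [pow(b, exponent, n) for b in blocks]


def demo():
    """Replay the four cases from the post; True means the plaintext came back."""
    public, private = make_keypair(61, 53)   # constructed sample key pair
    wrong_public, _ = make_keypair(67, 71)   # unrelated constructed key pair
    plain = list(b"abcdefghijklm")           # one block per byte
    by_private = transform(private, plain)
    by_public = transform(public, plain)
    return {
        "private -> public": transform(public, by_private) == plain,
        "public -> private": transform(private, by_public) == plain,
        "private -> same private": transform(private, by_private) == plain,
        "private -> wrong public": transform(wrong_public, by_private) == plain,
    }


if __name__ == "__main__":
    for case, recovered in demo().items():
        print(f"{case:26} recovered plaintext: {recovered}")
```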