Tunnelblick vs. PIA Client
369 views
Skip to first unread message
rock8...@gmail.com
Oct 12, 2014, 11:17:59 AM10/12/14
to
I heard that the PIA Client ist more secure than tunnelblick due to the additional security features implemented in the PIA client.
Which security features do Tunnelblick offer?
Thanks in advance!
Which security features do Tunnelblick offer?
Thanks in advance!
jkbull...gmail.com
Oct 12, 2014, 12:31:46 PM10/12/14
to tunnelbli...@googlegroups.com
Where did you hear that?
What are the "additional security features implemented in the PIA client" that you think Tunnelblick does not have?
Tunnelblick is "just" the software, is that what you are asking about, or are you asking about the security of an OpenVPN VPN, or about the security of a VPN provider's service?
For a broader discussion about using VPNs, see Privacy and Security.
On Sunday, October 12, 2014 11:17:59 AM UTC-4, Phoenix I wrote:
I heated that the PIA Client ist more secure than tunnelblick due to the additional security features implemented in the PIA client.
Phoenix I
Oct 12, 2014, 1:45:54 PM10/12/14
to
Thank you for the reply.
On the Client you can add the following security features:
- Maximum Protection — AES-256 / SHA256 / RSA-4096
That are the values I can add on their Client Software. So I just wanted to know if Tunnelblick can provide those security features as well, or what Tunnelblick is using for securing data.
Message has been deleted
jkbull...gmail.com
Oct 12, 2014, 3:42:12 PM10/12/14
to tunnelbli...@googlegroups.com
"AES-256/SHA256/RSA-4096" refers to encryption and digest algorithms. It is not referring to "security features".
You (or whoever sets up your VPN) determine what encryption and digest algorithms to use, not Tunnelblick.
Tunnelblick is a graphic interface to OpenVPN, which uses OpenSSL for encryption and authentication. You can configure OpenVPN to use any encryption and authentication methods that OpenSSL supports. Tunnelblick 3.4 includes OpenSSL 1.0.1i, which includes the following digests:
MD5 128 bit digest sizeRSA-MD5 128 bit digest sizeSHA 160 bit digest sizeRSA-SHA 160 bit digest sizeSHA1 160 bit digest sizeRSA-SHA1 160 bit digest sizeDSA-SHA 160 bit digest sizeDSA-SHA1-old 160 bit digest sizeMDC2 128 bit digest sizeRSA-MDC2 128 bit digest sizeDSA-SHA1 160 bit digest sizeRSA-SHA1-2 160 bit digest sizeDSA 160 bit digest sizeRIPEMD160 160 bit digest sizeRSA-RIPEMD160 160 bit digest sizeMD4 128 bit digest sizeRSA-MD4 128 bit digest sizeecdsa-with-SHA1 160 bit digest sizeRSA-SHA256 256 bit digest sizeRSA-SHA384 384 bit digest sizeRSA-SHA512 512 bit digest sizeRSA-SHA224 224 bit digest sizeSHA256 256 bit digest sizeSHA384 384 bit digest sizeSHA512 512 bit digest sizeSHA224 224 bit digest sizewhirlpool 512 bit digest size
and the following ciphers:
DES-CBC 64 bit default key (fixed)IDEA-CBC 128 bit default key (fixed)RC2-CBC 128 bit default key (variable)DES-EDE-CBC 128 bit default key (fixed)DES-EDE3-CBC 192 bit default key (fixed)DESX-CBC 192 bit default key (fixed)BF-CBC 128 bit default key (variable)RC2-40-CBC 40 bit default key (variable)CAST5-CBC 128 bit default key (variable)RC2-64-CBC 64 bit default key (variable)AES-128-CBC 128 bit default key (fixed)AES-192-CBC 192 bit default key (fixed)AES-256-CBC 256 bit default key (fixed)CAMELLIA-128-CBC 128 bit default key (fixed)CAMELLIA-192-CBC 192 bit default key (fixed)CAMELLIA-256-CBC 256 bit default key (fixed)SEED-CBC 128 bit default key (fixed)
and the following TSL ciphers:
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384TLS-ECDHE-RSA-WITH-AES-256-CBC-SHATLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHATLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHATLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHASRP-AES-256-CBC-SHA (No IANA name known to OpenVPN, use OpenSSL name.)TLS-DHE-DSS-WITH-AES-256-GCM-SHA384TLS-DHE-RSA-WITH-AES-256-GCM-SHA384TLS-DHE-RSA-WITH-AES-256-CBC-SHA256TLS-DHE-DSS-WITH-AES-256-CBC-SHA256TLS-DHE-RSA-WITH-AES-256-CBC-SHATLS-DHE-DSS-WITH-AES-256-CBC-SHATLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHATLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHATLS-ECDH-RSA-WITH-AES-256-GCM-SHA384TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384TLS-ECDH-RSA-WITH-AES-256-CBC-SHATLS-ECDH-ECDSA-WITH-AES-256-CBC-SHATLS-RSA-WITH-AES-256-GCM-SHA384TLS-RSA-WITH-AES-256-CBC-SHA256TLS-RSA-WITH-AES-256-CBC-SHATLS-RSA-WITH-CAMELLIA-256-CBC-SHATLS-PSK-WITH-AES-256-CBC-SHATLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256TLS-ECDHE-RSA-WITH-AES-128-CBC-SHATLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHATLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHATLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHASRP-AES-128-CBC-SHA (No IANA name known to OpenVPN, use OpenSSL name.)TLS-DHE-DSS-WITH-AES-128-GCM-SHA256TLS-DHE-RSA-WITH-AES-128-GCM-SHA256TLS-DHE-RSA-WITH-AES-128-CBC-SHA256TLS-DHE-DSS-WITH-AES-128-CBC-SHA256TLS-DHE-RSA-WITH-AES-128-CBC-SHATLS-DHE-DSS-WITH-AES-128-CBC-SHATLS-DHE-RSA-WITH-SEED-CBC-SHATLS-DHE-DSS-WITH-SEED-CBC-SHATLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHATLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHATLS-ECDH-RSA-WITH-AES-128-GCM-SHA256TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256TLS-ECDH-RSA-WITH-AES-128-CBC-SHATLS-ECDH-ECDSA-WITH-AES-128-CBC-SHATLS-RSA-WITH-AES-128-GCM-SHA256TLS-RSA-WITH-AES-128-CBC-SHA256TLS-RSA-WITH-AES-128-CBC-SHATLS-RSA-WITH-SEED-CBC-SHATLS-RSA-WITH-CAMELLIA-128-CBC-SHAIDEA-CBC-SHA (No IANA name known to OpenVPN, use OpenSSL name.)TLS-PSK-WITH-AES-128-CBC-SHATLS-ECDHE-RSA-WITH-RC4-128-SHATLS-ECDHE-ECDSA-WITH-RC4-128-SHATLS-ECDH-RSA-WITH-RC4-128-SHATLS-ECDH-ECDSA-WITH-RC4-128-SHATLS-RSA-WITH-RC4-128-SHATLS-RSA-WITH-RC4-128-MD5TLS-PSK-WITH-RC4-128-SHATLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHATLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHATLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHATLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHASRP-3DES-EDE-CBC-SHA (No IANA name known to OpenVPN, use OpenSSL name.)TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHATLS-DHE-DSS-WITH-3DES-EDE-CBC-SHATLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHATLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHATLS-RSA-WITH-3DES-EDE-CBC-SHATLS-PSK-WITH-3DES-EDE-CBC-SHATLS-DHE-RSA-WITH-DES-CBC-SHATLS-DHE-DSS-WITH-DES-CBC-SHATLS-RSA-WITH-DES-CBC-SHATLS-DH-RSA-EXPORT-WITH-DES40-CBC-SHATLS-DH-DSS-EXPORT-WITH-DES40-CBC-SHATLS-RSA-EXPORT-WITH-DES40-CBC-SHATLS-RSA-EXPORT-WITH-RC2-CBC-40-MD5TLS-RSA-EXPORT-WITH-RC4-40-MD5
On Sunday, October 12, 2014 1:45:54 PM UTC-4, Phoenix I wrote:
Thank you for the reply.
On the Client you can add the following security features:DataEncryption/DataAuthentification/HandshakeEncryption
- Maximum Protection — AES-256 / SHA256 / RSA-4096
That are the values I can add on their Client Software. So I just wanted to know if Tunnelblick can provide those security features as well, or what Tunnelblick is using for securing data.
On Sunday, October 12, 2014 6:31:46 PM UTC+2, jkbull...gmail.com wrote:
Phoenix I
Oct 13, 2014, 9:57:42 AM10/13/14
to
Thanks for the reply.
Which of the following security features would you suggest to use?
What are the standard configurations of Tunnelblick OpenVPN do they provide a sufficient layer of security?
Which of the following security features would you suggest to use?
What are the standard configurations of Tunnelblick OpenVPN do they provide a sufficient layer of security?
jkbull...gmail.com
Oct 13, 2014, 10:06:47 AM10/13/14
to tunnelbli...@googlegroups.com
Tunnelblick itself does not have anything to do with the "security features" you are asking about. OpenVPN does all that.
You should read the OpenVPN documentation to see what security measures they recommend:
On Monday, October 13, 2014 9:57:42 AM UTC-4, Phoenix I wrote:
Thanks for the reply.
Which of the following security features would you suggest to use?
What are the standard configurations of Tunnelblick OpenVPN do they provide a sufficient layer of security?
On Sunday, October 12, 2014 9:42:12 PM UTC+2, jkbull...gmail.com wrote:
Reply all
Reply to author
Forward
0 new messages