Jump to content
  • 0

Same certs for everybody? Where is the security?

Rate this question



So I signed up. But it looks to me like the certs & private key I downloaded for OpenVPN are the same for everybody. That being the case, anyone sniffing my network traffic could easily download everything they need to decrypt it from TorGuard's website, and it also enables MitM attacks. This is exactly the same problem public pre-shared keys have.


As far as I can tell, TorGuard is not offering any meaningful VPN encryption. At least not from anybody (ISP, hotspot operator, NSA, whoever) who bothers to record my session. I guess my IP is hidden from the non-VPN servers to which I connect, which is nice, but...this means (if I care about encryption at all) I need to do something like use Tor over the VPN, and if I'm doing that I can just use Tor by itself.


If I'm wrong or if there's some other factor in play, I'd love to hear about it. I want to like this service. I just don't get it right now--what's really being offered here?



Link to post
Share on other sites

1 answer to this question

Recommended Posts

  • 0

We have already addressed this via support ticket, as we have already said a few times..


1) We don't have any private keys for download, these are called CA certs which the user needs to connect to OpenVPN, please learn more about OpenVPN before you go mouthing off nonsense.


2) We use encryption *OF COURSE* as you will see in the client logs ? did you even check them ? do you know how to ? they use either blowfish or AES.


3) NO-ONE can initiate "man in the middle attacks" without private keys - these are all *private* and no-one else can get them - i have told you this i don't know how many times now.


Read and Learn!



Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...