[TriLUG] openvpn questions

Randy Barlow randy at electronsweatshop.com
Fri Apr 20 14:40:46 EDT 2012


On 04/20/2012 02:38 PM, Joseph Mack NA3T wrote:
> The docs say the crypto login exchange _might_ not work if the client
> and server clocks aren't synchronised.
> 
> I take it there is a time offset check in the key exchange. Why is this?
> Why do you care if the other party's clock is wrong?
> 
> Why _might_ it not work? I would expect if there is a requirement for
> the clocks to be offset by less than a certain amount it _will_ (rather
> than _might_) fail.

This is to reduce the risk of replay attacks.

http://en.wikipedia.org/wiki/Replay_attack

-- 
R
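
Added example, not part of the original message and not OpenVPN's code or wire format: a generic sketch of timestamp-based replay protection, showing why a receiver compares the sender's clock with its own. The packet layout, the MAX_SKEW value, the key and nonces, and all names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 300  # assumed tolerance, in seconds, between sender and receiver clocks
TAG_LEN = 32    # HMAC-SHA256 tag length
HDR = "!Q16s"   # assumed layout: 8-byte timestamp, 16-byte nonce

def make_packet(key, sender_clock, nonce, payload):
    """Sender: stamp the message with its own clock, then MAC everything."""
    body = struct.pack(HDR, sender_clock, nonce) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, remembered only while inside the window

    def accept(self, packet, receiver_clock):
        if len(packet) < struct.calcsize(HDR) + TAG_LEN:
            return "reject: malformed"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad MAC"
        sent_at, nonce = struct.unpack(HDR, body[:struct.calcsize(HDR)])
        # Anything outside the window is refused, so an old capture stays useless
        # even after the nonce cache has forgotten it (or the receiver restarted).
        if abs(receiver_clock - sent_at) > MAX_SKEW:
            return "reject: outside time window"
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(receiver_clock - t) <= MAX_SKEW}
        if nonce in self.seen:
            return "reject: replay"
        self.seen[nonce] = sent_at
        return "accept"

def demo():
    key, now = b"k" * 32, 1334947246  # constructed key and receiver clock
    rx = Receiver(key)
    pkt = make_packet(key, now - 2, b"a" * 16, b"hello")  # constructed nonces below
    return [
        rx.accept(pkt, now),         # fresh message
        rx.accept(pkt, now + 1),     # replay inside the window: nonce cache
        rx.accept(pkt, now + 3600),  # replay an hour later: timestamp check
        rx.accept(make_packet(key, now + 120, b"b" * 16, b"hi"), now),  # 2 min fast
        rx.accept(make_packet(key, now + 900, b"c" * 16, b"hi"), now),  # 15 min fast
    ]
```

The last two results show the cost of the scheme: an honest sender is accepted while its clock offset stays inside the window and rejected once it drifts past it.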
