[Cryptography] Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Oct 31 23:57:14 EDT 2017


Patrick Chkoreff <patrick at rayservers.net> writes:

>This particular OpenVPN server uses its own certificate authority to lessen
>the potential for a MITM attack.  Furthermore, it deploys an "HMAC firewall"
>so that the negotiation of the key exchange cannot even begin without the
>proper use of a shared static secret key.

For those who aren't familiar with this, it's a cool thing that OpenVPN has
done for ages; they call it tls-auth.  Before you can even start connecting,
you need to authenticate yourself with an HMAC'd exchange, which protects
against attacks on the underlying OpenSSL or other parts of the protocol.

Peter.
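
A simplified sketch of the HMAC gate described in the message above, added here as an illustration; it is not code from the post or from OpenVPN and does not reproduce OpenVPN's wire format. The packet layout (tag, 8-byte packet id, payload) and the names `wrap` and `Gate` are assumptions, and the handshake bytes are constructed.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def wrap(key: bytes, packet_id: int, payload: bytes) -> bytes:
    """Sender side: prepend an HMAC tag computed over packet_id || payload."""
    body = struct.pack(">Q", packet_id) + payload
    return hmac.new(key, body, hashlib.sha256).digest() + body


class Gate:
    """Receiver side: runs before any byte reaches the TLS handshake parser."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_id = 0  # highest packet id accepted so far (single peer)

    def admit(self, datagram: bytes):
        """Return the payload if authentic and fresh, else None (silent drop)."""
        if len(datagram) < TAG_LEN + 8:
            return None
        tag, body = datagram[:TAG_LEN], datagram[TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return None
        (packet_id,) = struct.unpack(">Q", body[:8])
        if packet_id <= self.last_id:  # replay of an old, validly tagged packet
            return None
        self.last_id = packet_id
        return body[8:]


def demo():
    key = os.urandom(32)  # stands in for the shared static key
    gate = Gate(key)
    hello = b"\x16\x03\x01 constructed ClientHello bytes"
    good = wrap(key, 1, hello)
    return hello, {
        "valid": gate.admit(good),
        "replay": gate.admit(good),
        "wrong_key": gate.admit(wrap(os.urandom(32), 2, hello)),
        "no_tag": gate.admit(hello),
        "tampered": gate.admit(wrap(key, 3, hello)[:-1] + b"\x00"),
    }


if __name__ == "__main__":
    print(demo()[1])
```

Only the correctly tagged, fresh datagram is passed on; everything else is dropped without a reply, so a sender lacking the static key never exercises the TLS code at all.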

