Private Internet Access funds OpenVPN 2.4 audit by noted cryptographer Dr. Matthew Green

Posted on Dec 7, 2016 by Caleb Chen

Private Internet Access is happy to announce that an OpenVPN 2.4 audit is going to be completed by noted cryptographer Dr. Matthew Green, assistant professor at the Johns Hopkins Information Security Institute. Dr. Green has a long, distinguished history in the fields of applied cryptography and cryptographic engineering and previously led the TrueCrypt audit.


Private Internet Access has contracted Dr. Green as an independent consultant to do a comprehensive evaluation of the version of OpenVPN that is currently available on GitHub and search for security vulnerabilities. Once OpenVPN 2.4 is out of beta and released, the final version will be compared and evaluated to complete the security audit.

The OpenVPN 2.4 audit is important for the entire community because OpenVPN is available on almost every platform and is used in many applications, from consumer products such as Private Internet Access VPN to business software such as Cisco AnyConnect. Instead of going for a crowdfunded approach, Private Internet Access has elected to fund the entirety of the OpenVPN 2.4 audit ourselves because OpenVPN is integral to both the privacy community as a whole and our own company.

Once the independent audit is completed, Private Internet Access will share the final report with OpenVPN prior to releasing the results to the public. Furthermore, we will work with OpenVPN to ensure that any discovered vulnerabilities are fixed before publishing.

We look forward to verifying the security of OpenVPN 2.4 and will keep the privacy community posted about developments in the OpenVPN 2.4 audit.


11 Comments

  1. Dusty

    That’s great, thanks.

    But I’m interested in knowing how much is the cost of the audit of OpenVPN, can you please share that information?

    7 years ago
  2. Nikhil

    Very true. Definitely going above and beyond. If PIA was based in a country without ridiculous data retention laws and could provide a log-less VPN service PIA would be without doubt one of the best VPN service providers. I have used PIA in the past and they provide good service, broad server selection & excellent speeds.

    7 years ago
    1. Brian D

      AFAIK PIA doesn’t log. In this court case

      https://torrentfreak.com/vpn-providers-no-logging-claims-tested-in-fbi-case-160312/

      PIA was unable to provide anything identifying the user. The only thing they could tell them is what server the user connected to. Multiple PIA users share the same external IP address, so it is very hard for them to figure out who-is-who after the fact.

      If the government takes control of their system that is another thing, but no company could stay secure under those circumstances.

      7 years ago
  3. Michael Nolan

    That is great but how about supporting OpenVPN on the Chromebook? My personal laptop screen broke on my last business trip. I used to travel with work laptop, personal laptop, and tablet. I replaced the personal laptop and tablet with a convertible Chromebook for about the price of a tablet. With the Android app store working well this is going to become an important tool. But I had a disappointing exchange with customer support trying to get a user cert to use OpenVPN with PIA. They told me to use IPsec. Provide a client or the user cert, which PIA must be generating for the OpenVPN clients on other platforms.

    7 years ago
  4. c0d3r1

    Does OpenVPN give free port forwarding?

    7 years ago
  5. Uberjannie

    Thanks, PIA. Another reason to keep being a customer.

    7 years ago