Jump to content

Same SSL VPN Key used by 28,000 Routers


Recommended Posts

This link details a security issue that inolves (as near as I can tell) commodity routers that use a built-in SSL key to secure their VPNs.


Many routers today allow customers to create a VPN between various office spread around a geographical area. This lets employees in one office work off a file server at the home office in a transparent manner (the employee doesn't have to do anything extra... he/she simply logs in to the domain in the morning and starts work). However it appears that many commodity routers (netgear, etc.) may be using weak 512-bit keys instead of 2048-bit keys (and higher).


The open-source "OpenVPN" makes you create a key when you configure the VPN and each key to each link is different. I always use a 2048-bit key but apparently commodity routers have a built-in key length of 512-bit. and every router uses the same key.


Here is the link. http://www.itworld.com/article/2897775/researchers-find-same-rsa-encryption-key-used-28000-times.html?phint=newt%3Ditworld_today&phint=idg_eid%3Dafbdce93df1132e5de07d306edf23bac#tk.ITWNLE_nlt_best_2015-03-19


If you are using a "cloud" VPN or commodity routers for your VPN you should take a look at the system you're using.





Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

This topic is now closed to further replies.
  • Create New...