Stronger OpenVPN key?

revwatch

New Around Here
Hi guys,

I'm curious if anyone knows how to generate stronger keys for the openvpn service. I turned on the openvpn server on my router and exported a key for my laptop. My laptop connects just fine but I see a warning in the router logs:

WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.

Is there any way to make it larger?
 
That has nothing to do with keys; it happens because you use the default cipher, which is Blowfish, and Blowfish uses a 64-bit block size. You need to switch to something like AES-128-CBC instead of using Default.
 
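The point in the reply above is easy to check by hand: OpenVPN's warning is about the cipher's block size, and the key of the default cipher is already 128 bits, so no "stronger key" can make the warning go away. The script below is an added example (not from the thread and not from the Asuswrt-Merlin firmware): it maps an OpenVPN `cipher` directive to block size and key size, treats a profile with no `cipher` line as BF-CBC (OpenVPN 2.3's fallback), and reproduces the warning on a constructed profile. The hostname `router.example.net` and the two sample profiles are made up for the example.

```sh
#!/bin/sh
# Added example, not from the thread or from the router firmware: look up the
# block size and key size of an OpenVPN "cipher" setting and reproduce the
# warning the router logged. OpenVPN 2.3 falls back to BF-CBC when a config has
# no "cipher" line.

upper() { printf '%s' "$1" | tr 'a-z' 'A-Z'; }

# block_bits CIPHER -> block size in bits (0 = not in this table)
block_bits() {
    case "$(upper "$1")" in
        BF-CBC|DES-CBC|DES-EDE3-CBC|CAST5-CBC|IDEA-CBC) echo 64 ;;
        AES-128-CBC|AES-192-CBC|AES-256-CBC|AES-128-GCM|AES-256-GCM|CAMELLIA-128-CBC|CAMELLIA-256-CBC) echo 128 ;;
        *) echo 0 ;;
    esac
}

# key_bits CIPHER -> key size in bits as OpenVPN reports it for these ciphers
key_bits() {
    case "$(upper "$1")" in
        BF-CBC|CAST5-CBC|IDEA-CBC|AES-128-CBC|AES-128-GCM|CAMELLIA-128-CBC) echo 128 ;;
        AES-192-CBC|DES-EDE3-CBC) echo 192 ;;   # 3DES: 192 stored, 168 used, ~112 effective
        AES-256-CBC|AES-256-GCM|CAMELLIA-256-CBC) echo 256 ;;
        DES-CBC) echo 64 ;;                     # 56 bits effective
        *) echo 0 ;;
    esac
}

# config_cipher FILE -> the cipher named by the last "cipher" line, else BF-CBC
config_cipher() {
    c=$(awk '$1 == "cipher" { c = $2 } END { print c }' "$1")
    if [ -n "$c" ]; then echo "$c"; else echo BF-CBC; fi
}

# check_config FILE -> prints OK/WARNING; exit 1 when the block size is below 128 bits
check_config() {
    c=$(config_cipher "$1")
    b=$(block_bits "$c")
    k=$(key_bits "$c")
    if [ "$b" -eq 0 ]; then
        echo "UNKNOWN: $c is not in this table; see 'openvpn --show-ciphers'"
        return 2
    fi
    if [ "$b" -lt 128 ]; then
        # Same condition OpenVPN warns on. The key is already 128 bits; the
        # weakness is the 64-bit block, so a "stronger key" cannot fix it.
        echo "WARNING: $c: ${k}-bit key, ${b}-bit block. Use 'cipher AES-128-CBC' (128-bit key, 128-bit block)."
        return 1
    fi
    echo "OK: $c: ${k}-bit key, ${b}-bit block"
}

# Constructed sample profiles (hostname is made up). The first has no "cipher"
# line, so OpenVPN 2.3 uses BF-CBC; the second adds the fix from the reply.
weak=$(mktemp); fixed=$(mktemp)
cat > "$weak" <<'EOF'
client
dev tun
proto udp
remote router.example.net 1194
EOF
cat > "$fixed" <<'EOF'
client
dev tun
proto udp
remote router.example.net 1194
cipher AES-128-CBC
EOF
check_config "$weak"  || :
check_config "$fixed" || :
rm -f "$weak" "$fixed"
```

Two caveats: the `cipher` line must match on server and client, so change it in the router's OpenVPN server settings and re-export the profile rather than editing only the laptop's copy; and OpenVPN 2.4 and later can negotiate an AEAD cipher (`ncp-ciphers`, default AES-256-GCM:AES-128-GCM) between 2.4 peers on top of this line, which the script does not model.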
I should have known better. Thank you for pointing it out!
 

Probably for the best anyway... not just for security; the speed impact is minimal, perhaps even a plus...

(numbers from Raspbian Jessie, note that the Pi2/Pi3 may have features in the CPU that the Cortex-A9 in the Broadcom 4709 might not have)

Pi3 (Cortex-A53)

Code:
OpenSSL 1.0.1t  3 May 2016
built on: Fri Sep 23 22:38:09 2016
options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr) 
compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
blowfish cbc     63867.73k    72246.74k    74448.21k    75290.97k    74320.55k
aes-128 cbc      80615.96k    92460.91k    96452.52k    97122.99k    97512.11k

Pi2 (Cortex-A7)

Code:
OpenSSL 1.0.1t  3 May 2016
built on: Fri Sep 23 22:38:09 2016
options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr) 
compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
blowfish cbc     36089.69k    40047.68k    41176.23k    41462.10k    41549.82k
aes-128 cbc      38910.05k    42153.71k    43413.33k    43730.22k    43879.08k
 
And here are some numbers from another thread; in any event, there's no good reason to use Blowfish these days...

aes-128-cbc is as good as bf-cbc...

RT-AC68U (RMerlin's snapshot numbers on RT-AC68U - Cortex-A9)

Code:
OpenSSL 1.0.2g  1 Mar 2016
built on: reproducible build, date unspecified
options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) idea(int) blowfish(ptr) 
compiler: arm-brcm-linux-uclibcgnueabi-gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -ffunction-sections -fdata-sections -O3 -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
blowfish cbc     36915.44k    42434.73k    43879.42k    44380.84k    44518.06k
aes-128 cbc      44942.35k    49098.05k    51060.96k    51337.56k    51464.87k
aes-256 cbc      34033.03k    37076.28k    38205.37k    38533.78k    38704.43k

WRT1900ACv2 - Marvell Armada 385, Cortex-A9 - DD-WRT

Code:
OpenSSL 1.0.2e 3 Dec 2015
built on: reproducible build, date unspecified

compiler: ccache arm-openwrt-linux-gcc -I/home/seg/DEV/mvebu/src/router/zlib -L/home/seg/DEV/mvebu/src/router/zlib -I/home/seg/DEV/mvebu/src/router/openssl/crypto -fPIC -I. -I.. -I../include  -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Os -pipe -march=armv7-a -mcpu=cortex-a9 -mtune=cortex-a9 -mfpu=vfpv3-d16 -mfloat-abi=softfp -fno-caller-saves -DASMAES512 -ffunction-sections -fdata-sections -I/home/seg/DEV/mvebu/src/router/zlib -DNDEBUG -DOPENSSL_NO_ERR -DTERMIO  -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
blowfish cbc     29817.64k    31649.17k    32004.52k    32087.16k    32226.45k
aes-128 cbc      51975.55k    56637.65k    58510.21k    58654.72k    58840.41k
aes-256 cbc      40014.20k    42613.78k    43574.53k    43790.68k    43808.09k
 
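The listings above are plain `openssl speed` output, so the "speed impact" claim can be re-checked on any router or Pi by running `openssl speed bf-cbc aes-128-cbc` and comparing the two rows. The script below is an added example (not from the thread or from any of the firmware projects mentioned): it pulls the Blowfish-CBC and AES-128-CBC rows out of that output and prints AES throughput as a percentage of Blowfish for each packet size. It handles both the non-EVP row labels shown in the thread (`blowfish cbc`, `aes-128 cbc`) and the `-evp` labels (`bf-cbc`, `aes-128-cbc`), and falls back to the standard 16/64/256/1024/8192 columns when the header line was not pasted, as in the Pi listings. The embedded sample is the RT-AC68U output quoted in this post.

```sh
#!/bin/sh
# Added example, not from the thread: compare the bf-cbc and aes-128-cbc rows
# of "openssl speed" output. Usage on a live box:
#   openssl speed bf-cbc aes-128-cbc | speed_ratio

# speed_ratio: reads openssl speed output on stdin, prints "SIZE PERCENT" per
# column where PERCENT = aes-128-cbc throughput / blowfish-cbc throughput * 100
speed_ratio() {
    awk '
    # row(arr, start): store the numeric fields of the current line, starting
    # at field "start", into arr[1..]; "36915.44k" -> 36915.44
    function row(arr, start,    i, v) {
        for (i = start; i <= NF; i++) { v = $i; sub(/k$/, "", v); arr[i - start + 1] = v + 0 }
    }
    BEGIN { split("16 64 256 1024 8192", std, " ") }   # default openssl speed columns
    /^type / { n = 0; for (i = 2; i < NF; i += 2) sizes[++n] = $i }
    $1 == "blowfish" && $2 == "cbc" { row(bf, 3) }    # label without -evp
    $1 == "bf-cbc"                  { row(bf, 2) }    # label with -evp
    $1 == "aes-128"  && $2 == "cbc" { row(aes, 3) }
    $1 == "aes-128-cbc"             { row(aes, 2) }
    END {
        if (n == 0) { n = 5; for (j = 1; j <= n; j++) sizes[j] = std[j] }  # header missing
        for (j = 1; j <= n; j++) {
            if (bf[j] > 0 && aes[j] > 0)
                printf "%s %d\n", sizes[j], int(aes[j] / bf[j] * 100 + 0.5)
            else
                printf "%s n/a\n", sizes[j]
        }
    }'
}

# ratio_at SIZE: the percentage for one column, e.g. ratio_at 1024
ratio_at() { speed_ratio | awk -v s="$1" '$1 == s { print $2 }'; }

# Sample: the RT-AC68U rows quoted in this thread (OpenSSL 1.0.2g, Cortex-A9)
SAMPLE_RT_AC68U='type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
blowfish cbc     36915.44k    42434.73k    43879.42k    44380.84k    44518.06k
aes-128 cbc      44942.35k    49098.05k    51060.96k    51337.56k    51464.87k'

printf '%s\n' "$SAMPLE_RT_AC68U" | speed_ratio
```

For the RT-AC68U sample this gives AES-128-CBC at 116% of Blowfish for 1024-byte blocks, the column closest to a ~1400-byte VPN packet. Treat the figure as an upper bound on the cipher's share only: `openssl speed` measures one core running the raw cipher, while OpenVPN also computes an HMAC per packet and copies it through the tun device, so the VPN's throughput will not move by the full ratio.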
