VPN Solutions are becoming far more commonly used than ever before, not only because consumers want to hide their real location from hackers and governments, but also because a VPN allows people to bypass censorship and restrictions. OpenVPN, one of the most commonly used protocols, will undergo a cryptographic audit once it comes out of beta.
The OpenVPN 2.4 Cryptographic Audit
Many people rely on VPN services because they trust that the service provider will not log their activity on the network. To do so, however, the VPN provider will need to encrypt all communications to provide an environment where prying eyes cannot intercept the information being transmitted. In addition, companies must adhere to strong cryptographic standards.
As we have seen in the past few months, however, governments and law enforcement agencies are breaching encryption whenever they can. To stay one step ahead of these problems, OpenVPN software will receive a thorough third-party cryptographic audit in the next version. This test will be conducted by Matthew D. Green of Johns Hopkins University.
Once OpenVPN version 2.4 comes out of beta, the audit will be performed as soon as possible. It is of the utmost importance to have OpenVPN go through this protocol, as it is one of the most commonly used protocols to provide secure connections. Among its “users” are Private Internet Access and Cisco AnyConnect, to name a few.
To be more specific, the OpenVPN cryptographic has already commenced a few weeks ago, but it’s hard to say how long the process will take. The full release of OpenVPN 2.4 has not been confirmed just yet, and it is possible tthat some vulnerabilities may require fixing in the coming weeks or months.
This will not be the first thorough cryptographic audit conducted by Matthew D. Green either. He has done cryptographic auditing in the past for TrueCrypt before that project became defunct. He is also a member of the open Crypto Audit Project’s Board of Directors. What its rather remarkable is how Private Internet Access is funding this security audit entirely.
A separate OpenVPN audit crowdfunding effort was underway by the Open Source Technology Improvement Fund. Smaller VPN service providers want to ensure that everything takes place in an independent setting, rather than having one provider fund the entire effort. It is not unlikely that we will see two audits in the end, which can only be a good thing.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.