= DUHK attack and OpenVPN =

== Background ==
On October 24, 2017, Shaanan Cohney, Nadia Heninger and Matthew D. Green released [https://duhkattack.com/paper.pdf Practical state recovery attacks against legacy RNG implementations] (PDF), which has become known as the DUHK attack: [https://duhkattack.com/ Don't Use Hard-coded Keys]. It concerns in particular a Random Number Generator (RNG) algorithm known as the ''ANSI X9.31 RNG''.

The ANSI X9.31 RNG has been deprecated from the FIPS specification since January 2016 and is discouraged elsewhere as well.

== How is OpenVPN affected? ==

OpenVPN is '''''not''''' affected by DUHK. All random number generation in OpenVPN is based upon the SSL/TLS libraries and, to our knowledge, neither OpenSSL nor mbed TLS depends on the ANSI X9.31 RNG algorithm. Further, OpenVPN does not use or deploy any hard-coded keys or seeds for the RNG. Both the OpenSSL and mbed TLS libraries also implement re-seeding of the RNG at regular intervals.