Originally Posted by un-midas touch
Yea this news kind of throws a wrench in the works of the whole key-vs-lockpick thing. Really if you're smart enough there's a way around anything, and a way to block that route, and a way around that, etc...
More disturbing is if they try and make it illegal to encrypt in the first place. "without a license" or something.
That's true, realistically the best way to keep someone from accessing your stuff is to make it take so long that it's not even worth it anymore (just hope someone doesn't really
want your stuff...).
Originally Posted by B-rock
If I'm understanding this correctly, you can have dual-factor authentication with OpenVPN
, which if I'm understanding correctly requires a password and some type of device that doesn't change that holds a key so only 1 person can be on that "line" at a time if I understand correctly.
All IPSec connections require a "shared secret" or a valid certificate, so in that regard it's probably not possible to read that traffic on the fly.
I'm pretty sure the technology being mentioned is primarily oriented towards HTTPS traffic, where the key must be established in the open before encrypted communication can begin.