OpenVPN will get a security audit
OpenVPN 2.4 will be audited by Johns Hopkins University cryptography professor Matthew Green.
Published at GitHub, OpenVPN is a wildly popular security protocol. The audit is being funded by Private Internet Access, a provider who uses the OpenVPN standard.
“The OpenVPN 2.4 audit is important for the entire community because OpenVPN is available on almost every platform and is used in many applications from consumer products such as Private Internet Access VPN to business software such as Cisco AnyConnect,” Private Internet Access’s Caleb Chen wrote. “Instead of going for a crowdfunded approach, Private Internet Access has elected to fund the entirety of the OpenVPN 2.4 audit ourselves because of the integral nature of OpenVPN to both the privacy community as a whole and our own company.”
Green has a long history in this field. In addition to his work in academia, he’s on the board at the Open Crypto Audit Project, where he led the security audit of the TrueCrypt project after intense pressure following Edward Snowden’s NSA revelations in 2013. He’s been a part of teams that have exposed vulnerabilities in systems like E-ZPass. He’s also currently looking at closely and critically encryption in Google’s Android N.
Most recently, he was a part of the team that created the anonymous cryptocurrency Zcash.
The results of the audit will be shared with the OpenVPN community and then published for the public.