OpenVPN appears safe from the NSA

Douglas Crawford

Douglas Crawford

January 8, 2015

Properly implemented strong crypto systems are one of the few things that you can rely on.

Edward Snowden from Hong Kong in June 2013

For the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies [and] vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.

From an NSA BULLRUN presentation

Ubiquitous encryption

Ever since the first Edward Snowden NSA revelations were first published in June 2013, the world has been aware of the lengths to which the United States National Security Agency (NSA) will go in its almost sacred mission to destroy all internet privacy so that it can spy on absolutely everything everybody ever does online.

Over the Christmas period Der Spiegel published more documents from the Snowden archive, which provide greater detail about the NSA’s assault on internet privacy standards. The news is not entirely bad however, as the documents make clear that certain programs and types of encryption cause the NSA ‘major’ headaches.

Although the documents are now a couple of years old, ‘experts consider it unlikely the agency’s digital spies have made much progress in cracking these technologies.’ Technologies which stymie the NSA include:


Transcripts of intercepted chats show the NSA had no luck reading OTR encrypted messages

  • Tor
  • ZRTP – a secure internet telephony protocol used by FOSS programs such as Signal (iOS) and Redphone (Android)
  • CSpace – an Instant Message system

When Tor, ZRTP and CSpace are used together, the documents describe the situation as being ‘catastrophic’, resulting in a ‘near-total loss/lack of insight to target communications, presence.’

What these documents prove is that strong encryption presents a serious and often insurmountable obstacle to the NSA.

To a certain extent, the Snowden documents should provide some level of relief to people who thought nothing could stop the NSA in its unquenchable thirst to collect data. It appears secure channels still exist for communication. Nevertheless, the documents also underscore just how far the intelligence agencies already go in their digital surveillance activities.

A notable aspect about all the programs mentioned is that they are open source, which allows the code to be audited by anyone qualified to do so. As a solution this is far from perfect, but it is the only way to protect against the NSA sneakily inserting backdoors into software without anyone noticing.

So whither VPN?

One of the more alarming revelations is the extent to which the NSA has gone in its quest to crack or undermine VPN protocols.

According to an NSA document dating from late 2009, the agency was processing 1,000 requests an hour to decrypt VPN connections. This number was expected to increase to 100,000 per hour by the end of 2011. The aim was for the system to be able to completely process “at least 20 percent” of these requests, meaning the data traffic would have to be decrypted and reinjected. In other words, by the end of 2011, the NSA’s plans called for simultaneously surveilling 20,000 supposedly secure VPN communications per hour.

The devil, however, is in the detail. It has been known for quite son me time that the PPTP protocol is very insecure (despite which it is still very popular with businesses), so the fact that the NSA can crack it with ease comes as no surprise.

More interesting is the fact that IPSec does give the NSA pause. It is far from insurmountable, but rather than trying the break the encryption itself, the NSA prefers to send in its special Tailored Access Operations (TAO) team ‘to actively attack routers involved in the communication process to get to the keys to unlock the encryption.’

What this means is that to intercept IPSec protected communications, routers must be specifically targeted by a special unit, which costs time and resources. That said, the NSA has these in abundance, so IPSec should never be considered secure against the NSA (although it should be more than sufficient against lesser adversaries).


There is no specific mention in these documents about OpenVPN, but any attack on this open source VPN protocol (something the NSA must surely have spent considerable effort in doing) would necessarily focus on the SSL/TLS handshakes used, or on the encryption employed for the data itself.

As regards SSL/TLS,

The NSA and its allies routinely intercept such connections — by the millions. According to an NSA document, the agency intended to crack 10 million intercepted https connections a day by late 2012. The intelligence services are particularly interested in the moment when a user types his or her password. By the end of 2012, the system was supposed to be able to “detect the presence of at least 100 password based encryption applications” in each instance some 20,000 times a month.

However, if Perfect Forward Secrecy (PFS) is employed the situation changes considerably, as a new (ephemeral) Diffie-Hellman key is generated for each new connection. While the use of PFS is becoming more common, it should be criminal how many so-called secure websites do not employ it at the present time.

PFS is built into the OpenVPN standard though, so to spy on users the NSA would have to crack each user’s keys every time they connected to their VPN service. By default OpenVPN protects keys with 2048-bit RSA encryption, which is believed to remain NSA-proof’, although we applaud providers who offer higher levels of key encryption.

As for an attack on the encrypted data itself, most VPN providers now use Advanced Encryption Standard (AES), which remains secure,

Electronic codebooks, such as the Advanced Encryption Standard, are both widely used and difficult to attack cryptanalytically. The NSA has only a handful of in-house techniques. The TUNDRA project investigated a potentially new technique — the Tau statistic — to determine its usefulness in codebook analysis .



The NSA’s determined attack on privacy and the cryptographic systems that protect it are as heinous as there are terrifying, and serve only to make the internet less secure for everybody.

Some measure of hope, however, can be drawn from the fact that good math can still stop the NSA in its tracks, and especially here for us at BestVPN, confirmation that the OpenVPN protocol appears to remain secure is very welcome.

What is certain is that the more people who routinely use strong encryption for every aspect of their online lives, the more ‘noise’ the NSA will have to deal with, and the harder its job will be. As the NSA slide shown at the top of this article notes,

Did you know that ubiquitous encryption on the internet is a major threat to NSA’s ability to prosecute digital-network intelligence (DNI) traffic or defeat adversary malware?

Exclusive Offer
Get NordVPN for only
Get NordVPN for only