OpenVPN logo

OpenVPN, one of the most popular VPN clients today, is to receive a security audit from Dr. Matthew Green, a famous US cryptographer and assistant professor at the Department of Computer Science at the Johns Hopkins University.

The security audit will target version 2.4 of the OpenVPN client, currently in a release candidate state. OpenVPN is an open source project, and the 2.4 RC is also available on GitHub.

Private Internet Access, an anonymous VPN service provider is sponsoring the audit. Just like many VPN providers nowadays, Private Internet Access uses the OpenVPN client as a basis for its own applications.

"The OpenVPN 2.4 audit is important for the entire community because OpenVPN is available on almost every platform and is used in many applications from consumer products such as Private Internet Access VPN to business software such as Cisco AnyConnect," a Private Internet Access explained.

OpenVPN security audit to be made public

The company said yesterday in a blog post that they've contracted Dr. Green in private over the audit.

The noted cryptographer will revise the OpenVPN's client source code and file a report that will be made available to the OpenVPN developers.

Private Internet Access has pledged support to help the OpenVPN developers fix the reported flaws before the report is made available to the public.

Green is an experienced and respected cryptographer

Dr. Green has previously led the security audit of the TrueCrypt project, an application for hard-disk encryption that was discontinued in 2014.

Dr. Green's audit, which came on the heels of Snowden's NSA revelations, concluded that there were no backdoors in TrueCrypt.

More recently, Dr. Green has also published a blog post criticizing the Android Open Source Project for sub-standard support for encryption in Android N [Nougat, Android 7.0].

He also recently argued that Apple needed to replace iMessage encryption.