From 7a5bb93cbe2f78e11ee2e14ac261247e43cae092 Mon Sep 17 00:00:00 2001
From: Angristan
Date: Sun, 4 Dec 2016 17:21:41 +0100
Subject: [PATCH] AES-256 is not necessarily the most secure cipher Indeed, it it most vulnerable to Timing Attacks : https://en.wikipedia.org/wiki/Length_extension_attack Also, AES 128 is secure enough for every one, so it's still the recommended cipher.
---
 openvpn-install.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 6153090..f68428b 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -221,9 +221,9 @@ else
 echo "and are still viable to date, unlike some default OpenVPN options"
 echo ''
 echo "Choose which cipher you want to use for the data channel:"
- echo " 1) AES-128-CBC (fastest, recommended)"
+ echo " 1) AES-128-CBC (fastest and sufficiently secure for everyone, recommended)"
 echo " 2) AES-192-CBC"
- echo " 3) AES-256-CBC (most secure)"
+ echo " 3) AES-256-CBC"
 echo "Alternatives to AES, use them only if you know what you're doing."
 echo "They are relatively slower but as secure as AES."
 echo " 4) CAMELLIA-128-CBC"
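Review bot: The new label on option 1, "sufficiently secure for everyone", is an absolute claim in a prompt that users will read as guidance, and options 2 and 3 now carry no annotation at all, so the menu no longer tells anyone why a larger key might be chosen. AES-128 has no known practical key-recovery attack, but a deployment with a policy that mandates 256-bit keys, or one that wants extra margin for long-lived traffic, is a legitimate exception that "everyone" rules out. I would word the two lines as `echo " 1) AES-128-CBC (fastest, recommended for most users)"` and `echo " 3) AES-256-CBC (larger key, slower)"`. Every AES choice visible here is CBC mode, so key size is presumably not the only thing protecting the data channel; a one-line comment above the menu saying where the integrity (HMAC) setting is chosen would help the next maintainer. The menu sits inside an `else` branch that starts and ends outside this hunk, so the rest of the prompt was not reviewed.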