I am reffering to commercial VPN providers, e.g. NordVPN
How sophisticated must an attacker be?
Asked
Active
Viewed 62 times
1 Answers
2
It's very unlikely they can decrypt it based on a users credentials - the credentials are only used to authenticate the User to the VPN (so they know you've paid for it) - most if not all VPN's would then generate a new encryption keypair (or singular key) to encrypt the session with. Someone who has the login credentials could use the VPN services as advertised but not read traffic nor decrypt the existing (or indeed future non-existing) session(s). Most VPN's allow simultaneous connections (for family plans or something) so it's in their best interest to generate per-session encyption keys. Having said that its not only a VPN this applies to - almost any communication encryption benefits from changing keys such that if a key is ever found, past and future encryptions can't be decrypted with it.
This applies mostly to commercial VPN as you have asked for - things like VPN into corporate or confidential servers is another story, where the credentials can be used by an attacker to gain access into an area. This answer doesn't cover that case where corporate secrets might be available over VPN or something, though most VPN clients such as Cisco AnyConnect probably also generate new keys per session (so the transmission itself is safe)
QuickishFM
- 1,082