I'm not staff but I'll try to answer as many of these questions as I can.

1. Is there a monthly bandwidth-usage limit?
No.

2. Do you throttle connections that use excessive bandwidth?
.

3. How many concurrent connections are allowed per account?
<unknown>

4. How many hops are there in your VPN connections?
One, until the voodoo nodes come online.

5. What type(s) of VPN encryption do you use? Why?
AES-256-CBC with SHA-512 HMAC. Strongest combination currently available for OpenVPN.

6. Do you support perfect forward secrecy? If so, how?
Yes, through the use of ephemeral keys.

7. Do you provide users with Diffie Hellman key files?
If you mean client-side keys, no. Does not fit the security model.

8. How do you authenticate clients – certificates/keys, or usernames/passwords?
In the Cryptostorm security model, clients are not authenticated as such. The password is a default password used by everyone, so the only differentiator which is used to provide access to the network is the hashed token. Think of it as buying a postage stamp, lottery ticket, or train ticket - in cash. The token is your ticket to use the system, nothing more.

9. Do you employ HMAC-Based TLS Authentication? If so, why?
, unless you mean additional key-based TLS authentication, to which the answer is no.

10. Do you ever email usernames and passwords to customers?
No, just tokens.

11. Does each customer have a unique client certificate and key?
No.

12. Are your VPN gateway servers hosted, co-located or in-house?
Hosted. In the real world (LEO) it makes absolutely no difference.

13. Are any of your VPN gateway servers running on VPS or cloud servers?
The core VPN nodes are running on bare metal. voodoo nodes will run on VPS instances, but they are no more than gateways to the core nodes, where all of the authentication is performed.

14. How are your VPN gateway servers protected?
Standard and non-standard security methods including firewalls, IDS/IPS and custom scripts, as well as custom compiled, grsecurity-hardened kernels.

15. Where is user account information stored?
There isn't any. Token hashes are stored in a database running on each exit node. Additionally, no IP logs are kept anywhere.

16. How is communication between servers secured?
I don't know for certain, but if it was me it would be a combination of firewalls and secure tunnels.

17. Do you allow port forwarding by users?
If you mean static port-forwarding for servers or BitTorrent clients/seedboxes, no.

18. Are all client ports ever forwarded by default? If so, on which servers?
All client-side ports (i.e. replies) are forwarded on all servers.

Damn, I was hoping for two more questions.