
NSA's Information Assurance Directorate releases “goSecure” VPN made easy - SEJeff
https://iadgov.github.io/goSecure/
======
nwrk
Disclaimer of Warranty

This Work is provided "as is." Any express or implied warranties, including
but not limited to, the implied warranties of merchantability and fitness for
a particular purpose are disclaimed. In no event shall the United States
Government be liable for any direct, indirect, incidental, special, exemplary
or consequential damages (including, but not limited to, procurement of
substitute goods or services, loss of use, data or profits, or business
interruption) however caused and on any theory of liability, whether in
contract, strict liability, or tort (including negligence or otherwise)
arising in any way out of the use of this Guidance, even if advised of the
possibility of such damage.

------
SEJeff
Note that they give the webapp sudo root access on the Raspberry Pi that runs
the access point's captive portal. This is borderline security incompetence:
[https://github.com/iadgov/goSecure/blob/master/scripts/pi_mg...](https://github.com/iadgov/goSecure/blob/master/scripts/pi_mgmt.py)

------
technion

        userPasswordHash = hashlib.sha256(str(stored_salt) + password).hexdigest()
    

Should I have expected better of the NSA?
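
Added example (not part of the thread and not goSecure's code): the quoted line is a single salted SHA-256, which is cheap to compute per guess. The sketch below puts a Python 3 rendering of it beside a PBKDF2-HMAC-SHA256 scheme from the standard library, with constant-time comparison and a one-time upgrade path. The function names, the record format and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for illustration; tune it to the target hardware.
PBKDF2_ITERATIONS = 600_000


def legacy_hash(stored_salt, password):
    """Python 3 rendering of the quoted line: one SHA-256 over salt + password."""
    return hashlib.sha256((str(stored_salt) + password).encode()).hexdigest()


def hash_password(password, iterations=PBKDF2_ITERATIONS):
    """Return a self-describing record: scheme$iterations$salt$digest (hypothetical format)."""
    salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def verify_password(password, record):
    """Check a PBKDF2 record in constant time; malformed records never match."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations))
    except (ValueError, OverflowError):
        return False
    return hmac.compare_digest(candidate, expected)


def verify_and_upgrade(password, stored_salt, stored_hash):
    """Accept a legacy hash once and return a PBKDF2 record to store in its place.

    Returns None when the password does not match the legacy hash.
    """
    if not hmac.compare_digest(legacy_hash(stored_salt, password), stored_hash):
        return None
    return hash_password(password)
```
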

