VPN or Virtual Private Networks do one thing better than almost any other online service:
All VPN services encrypt user data as the data is traveling between a VPN server and the user’s computer machine.
In this two-part VPN encryption guide, we will take a comprehensive look at what the community calls encryption.
We will also talk about how VPN services use encryption to form VPN connections.
More importantly though, we will try our best to explain all the confusing terms related to encryption.
And believe us, there is a whole array of such terms.
But that is not the only reason users should learn about these terms.
VPN services regularly make use of terms that we will mention in this guide.
If you want to become an expert at separating normal VPN services from the good ones then you need to know as much as you can about these terms.
The primary cause of the confusion regarding VPN terms is that VPN services make use of slapdash description to the point that it makes it very hard for the customer or anyone else to really know what kind of encryption the VPN in question is really using.
Our aim in this document is to enable users to read through it as quickly as possible and as a result of it, gain a greater understanding of all the terms related to VPN encryption.
We also hope that our efforts will lead to users having a lot of understanding about VPN encryption terms.
With this guide, users should have no problems in developing a critical eye when it’s finally time to asses the privacy and security claims of some of the best VPN service providers in the world.
Users who aren’t confident about their knowledge in terms of what a VPN service really is and what VPN services can do for online users, should click here to read our comprehensive guide on what is a VPN.
As far as this guide is concerned, we will use terms such as device, computers, and machines interchangeably.
While doing that, users should understand that these terms refer to any and all devices that have access to the internet and are fully capable of running general VPN clients.
Currently, such devices include,
- Desktop machines
- And the rest
Again, our aim in this guide is to present all the relevant and important features of any VPN encryption implementation in a simple manner.
Or at least, as simple as is humanly possible.
With that said, it is also true that there no escaping the fact that VPN encryption is a woefully complex subject.
People who despise technical terms should probably stay away from such VPN encryption discussions.
We’re talking about people whose eyes start to glaze over with boredom when they come across terms such as encryption and the rest.
For those who still have the desire to know more about VPN encryption and how to recognize a good VPN service via such terms, should continue reading till the end of this part and the next one.
The definition of Encryption
In our experience, it always helps if we describe encryption with an analogy.
So here it goes.
We want users to think of encryption as a lock.
Those who have the right kind of key may take the easy route to unlock this lock.
Similarly, if a person does not have the right key but still has a desire to access the data and other content which lies within the strong box, then the person will have to break the lock that is protecting the strong box.
Now, continuing with the same example, readers should understand that there are different types of locks.
A lock that protects a bank vault is exponentially more powerful than the lock that only has to secure a simple suitcase.
In other words, not all encryption is created equal.
Some encryption implementations are stronger than other encryption implementations.
We’ll take one more simple example before moving onto real encryption terms.
Think back to the time when you were just a simple little kid.
Do you remember playing that game where one kid created a harmless secret message with the help of nothing but a substitution of some letters present within the message with other random letters?
Okay, maybe you don’t.
But you get the idea.
A kid who wanted to create a secret message did so by using a formula of his/her own making and then applying it when substituting letters within the message.
That formula, most of the times, is unique to the kid or the user who is making up the secret message.
You could have one kid who used the formula of substituting each letter present in the original message with four letters behind the given letter in the alphabet.
The only way for anyone to read such a message would be if that special someone knew the formula of the first kid.
Or had enough brains to figure out the pattern of the message.
There is no other way for anyone to read that secret message.
Now, in common cryptography jargon, we say that what the first kid did was encryption.
The kid encrypted his message (also known as data).
And he did it with the help of a fairly logical mathematical algorithm.
Most cryptographers like to refer to such kind of mathematical algorithms as ciphers.
In order to decrypt these ciphers, one has to have the right key.
The key represents a variable parameter.
This parameter essentially determines the cipher’s final output.
If someone does not have this parameter then it becomes practically impossible for anyone to take the cipher and decrypt it.
Moreover, if a given user does not have access to the right key then in order for the user to read the contents of the encrypted message, he/she will have to make an attempt to crack the given cipher.
As most of our readers would imagine, in cases where the encryption makes use of a straightforward letter replacement cipher, it isn’t that hard to crack it open.
The best way to make an encryption exponentially more secure is by making the cipher (also called the mathematical algorithm) more complex.
To take an example, a user could change the replacement formula to substituting every fourth letter of the given user message with a digit that corresponds to that letter in question.
In Encryption, does key length matter?
But the thing is, the majority of modern computer machines make use of ciphers that are extremely complex.
Researchers have found it very difficult to actually crack open these ciphers even when they have used supercomputers for the task.
For all practical purposes, modern ciphers are impossible to crack.
There are many ways to measure a given cipher’s strength.
The crudest method is to look at the complexity of the mathematical algorithm that someone used to create the cipher.
No prize for guessing that the more complex the mathematical algorithm, the more difficult it becomes for some to crack open the cipher via methods such as brute force attacks.
Now, we’ll admit that brute force attacks are an extremely primitive form of attacks.
Some simply refer to these type of attacks as exhaustive key search attacks.
Brute force attacks basically involve someone, usually a program, to try each and every combination of alphabets and numbers until the program finds the correct key.
Most of us reading this guide would already know that computers make use of binary numbers in order to perform all of their calculations.
Binary numbers consist of ones and zeros.
Usually, the actual complexity of any given cipher depends on the cipher’s key size.
It is measured in bits.
These represent the raw or actual number of zeros and ones that are absolutely necessary in order to express the cipher’s mathematical algorithms.
Again, a single bit represents each one and/or zero present to express the cipher’s mathematical algorithm.
This is exactly what the community knows as the cipher’s key length.
The number associated with the key length of the cipher also represents the real-world practical feasibility of cracking open a given cipher by performing a successful brute force attack.
All of this should lead us to understand that the actual key length pretty much corresponds to the total number of number combinations possible.
As mentioned before, these combinations make it more difficult to carry out a successful brute force attacks.
Moreover, as the total number of possible combinations increases rather exponentially as the key size is increased.
If one is making use of the AES cipher then,
- 1 bit would give 2 combinations
- 2 bit would give 4 combinations.
- 8 bit would give 256 combinations
- 16 bit would give 65536 combinations.
- 64 bit would give 4.2 x 10^9 combinations.
- 128 bit would give 3.4 x 10^38 combinations.
- 192 bit would give 6.2 x 10^57 combinations.
- 256 bit would give 1.1 x 10^77 combinations.
We could go on but you get the general idea.
Let’s try and put that into the proper numbers really are.
Fujitsu K became the fastest supercomputer machine on earth back in 2011.
It had the capability of reaching 10.51 petaflops in terms of Rmax peak speed.
Let’s take that figure to move forward.
Considering the 10.51 petaflops figure alone, the Fujitsu K supercomputer would take around 1.02 x 10^18 years to successfully crack open a 128 bit AES encryption if it only made use of brute force attacks.
That is about one billion billion years.
Or more specifically, one quintillion years.
Still, don’t know how much that is?
Well, according to most scientists, the current age of the universe is around 14 billion years.
That’s how powerful the 128-bit Advanced Encryption Standard, AES, really is.
In 2017, China developed Sunway TaihuLight, the world’s fastest supercomputer.
Many considered it to be a beast of a machine.
It had the capability of reaching peak speeds of 93.02 petaflops.
Now, even though that sounds like a lot, it only means that this supercomputer would still not manage to crack open the previously-mentioned 128 bit AES cipher key if it tried for 885 quadrillion years via brute force technology.
Now, the of operations that a computer has to perform in order to crack open a 256-bit cipher using brute force methods is around 3.31 x 10^56.
This number is pretty close to the actual number of particles (atoms) that are present in the observable universe.
More Computer Ciphers
The one thing we want readers to understand is that the actual key length of the encryption cipher used only refers to the raw amount of numbers that are involved.
We want readers to think of algorithms as the formula that the kid used in our previous example.
The ciphers are just the mathematics that the machine has to use in order to perform the actual encryption.
In previous paragraphs, we have already shown that using brute force attacks to crack open ciphers even with fast computers is a massively impractical approach.
With that said, some cipher algorithms have weaknesses.
Sometimes these weaknesses are deliberately put in these ciphers by their implementers.
These weaknesses can assist entities to break the overall encryption.
But we just said that modern ciphers are unbelievably powerful.
So how come they have suddenly become powerful?
Well, it turns out, if a given output of a specific cipher has a bad design, then it may help to reveal some kind of vague structure of what the original information looked like before the encryption took place.
All this does is that it creates a vastly decreases the size of the possible combinations set which the computer may have to try before cracking the cipher.
In effect, if someone, a machine or a person, finds out that structure then the effective length of the key can be cut short rapidly.
To take an example, let’s discuss the Blowfish cipher.
This cipher, though good, has a specific vulnerability to a cyber attack which is able to exploit the mathematics that are present behind a specific problem in probability theory known as the birthday problem.
In fact, there is a whole study area where people only think about the weaknesses that are present in various cryptographic computer algorithms.
The study area is known as cryptanalysis.
We know we have just said that some ciphers have weaknesses.
What we haven’t mentioned clearly is that, increasing the length of the involved key always leads to tangible compensation as far as the strength of the cipher is concerned.
The length of the key greatly increases the total number of possible combinations and/or outcomes.
To counter such problems, hackers usually try to attack the key rather than the cipher itself.
Such attacks have no problems in affecting specific websites and/or particular software products.
However, since the attacker only cracks the key, the security of the present cipher algorithm remains intact.
What does that have to do with anything?
Well, when the cipher remains in working order, all other systems that make use of the same given computer algorithm but different set of keys (for security) remain unaffected.
In other words, the break does not affect those systems because of their different set of generation keys.
Key Length of the Cipher
As alluded to before, the strength of any given cipher has a huge dependence on both its key length and the mathematics behind the cipher itself.
Note that the key length here has to be expressed in bits.
It is exactly for this reason that VPN services typically don’t forget to mention the key length they use with their cipher.
Now, the user should have no trouble in understanding what AES 256-bit means.
It means, an AES cipher along with a key length of 256-bits.
Generally speaking, the security community considers the AES 256-bit as the stronger encryption implementation than AES 128-bit.
The operative word here is generally.
It is important to make that distinction because when we’re talking about AES 256-bit and AES 128-bit encryption we’re talking about some really complex mathematics here.
We will discuss more about what AES is in a later section of this two-part series of posts.
For now, it is vitally important for users to note that as far as the strength of the cipher is concerned, key length is not the only factor that we need to consider.
There are also other factors that indicate the strength of a given cipher.
Factors such as the actual cipher used.
Combine cipher with the key length and that is what truly matters.
To take an example, there are many ciphers that security engineers use for tasks such as asymmetric encryption.
For such tasks, ciphers make use of longer key sizes.
These key lengths are even longer when one compares them to the ones that security engineers use with symmetric encryption.
In simpler terms, for the same level of protection, the key sizes for asymmetric encryption are larger than symmetric encryption.
Examples of symmetric encryption (AES) include,
- AES 256
- AES 192
- AES 112
Some corresponding examples of asymmetric encryption (RSA) include,
- RSA 15360
- RSA 3072
- RSA 2048
We’ll be the first ones to admit that these comparisons get old very quickly.
Because such tables simply cannot take into consideration all the new attacks that are happening all the time.
In other words, researchers have discovered many previously unknown cyber attacks on RSA.
The other thing that users must note is that Diffie-Hellman and elliptic curve variants of RSA have much more strength when compared with traditional ones.
However, we sincerely hope that users have understood the idea by now.
Readers should also keep in mind that the longer the length of a given key, the more mathematical calculations the computer has to solve.
And the more calculations the computer has to solve, the more processing power it requires.
As one would imagine, the length of the key greatly impacts the speed at which the machine can encrypt and then decrypt the data.
This is where VPN service providers and other online security products have to decide how they want to balance practical usability and security.
The best solutions involve selecting those encryption schemes which provide the best of both worlds.
In a later section of this guide, we will discuss more about all the major ciphers that different VPN protocols make use off.
With that said, we would like to inform the user that the most common and widely-supported cipher that the user is likely to encounter out in the open is AES.
In the VPN industry, users are likely to find both AES and Blowfish.
Additionally, VPN services and other privacy products make use of the RSA technology to encrypt and then decrypt the present cipher’s keys.
Generally speaking, these services also make use of SHA-1 and/or SHA-2 to authenticate data.
What are SHA-2 and SHA-1?
Click here to learn more about that.
What is Perfect Forward Secrecy
PFS or Perfect Forward Secrecy is something that the security community likes to refer to as ephemeral encryption keys.
Some VPN services use these ephemeral encryption keys while others don’t.
Instead of using such a convoluted terminology, VPN services just call it Forward Secrecy in order to please those online consumers who feel uncomfortable while reading the word perfect.
Perhaps this is a good time to mention the fact that almost all modern online communications secure themselves by relying on SSL/TLS.
VPN protocols such as OpenVPN and HTTPS websites make use of SSL/TLS.
What is TLS?
The term TLS stands for Transport Layer Security.
It is an encryption protocol but an asymmetric one.
Whenever a communication channel makes use of an asymmetric cipher, the communication channel makes use of a public key.
This public key is something that is available to anyone and everyone.
However, only the intended recipient has the ability to decrypt the public key.
The intended recipient holds the related and correct private key.
It is here that we would like to mention that the intended recipient of a message must make sure that only he/she has the private key.
In other words, he/she has to keep it a secret.
Otherwise, if someone steals it or hires a super-awesome adversary to do the job then there is no guarantee against the adversary not easily intercepting and then reading any and all communications that the user has secured via the private key.
The unfortunate part about the whole matter is that it is fairly commonplace for entire companies and sometimes even individual servers to make use of a single private encryption key for the purposes of securing all their communications.
This is risky.
So why do some servers and companies do it?
Well, they do it because using a single private encryption key is easy.
As alluded to before, if an attacker gets hold of that key and compromises it then he/she has the option of accessing all communications that the server or the company has encrypted with that private encryption key.
Readers should think about private encryption keys as master keys.
Because that is exactly what they are.
This master key is anyone ticket to unlocking any and all communications that occur through a server or within a company.
What makes all of this even worse is the fact that organizations such as the NSA have made a name for itself by exploiting such weaknesses for the purposes of collecting vast reams of ostensibly secure data.
What is the solution to all of these problems?
The solution is to make use of security features such as Perfect Forward Secrecy.
With this system in place, each communication session generates a unique and new encryption key.
On the face of it, such an idea seems like a simple one.
Now, we don’t mean to give the impression that the Diffie-Hellman exchange mathematics is simple as well.
It is not.
In fact, it is very complex.
For the end user, this means that each given TLS communication session can bank on its very own set of encryption keys for protection.
That is where the term ephemeral encryption keys come from.
Once a communication session has used them, they disappear.
Because of such a system, the hacker doesn’t have any master key that he/she can exploit to his/her advantage.
Assuming that a hacker has managed to compromise a session, then the hacker has only managed to compromise that particular session.
In other words, all the other communication session that someone may have formed with the company or an individual server are safe.
Now, to guard against even a single compromised session, sometimes security engineers make use of features which allow them the option of refreshing Perfect Forward Secrecy keys within a single session.
It isn’t common.
But it is there.
Users can take advantage of such a feature to refresh their Perfect Forward Secrecy each passing hour.
As alluded to just now, such features further limit the quantity of user data that an adversary can intercept even when the adversary has managed to compromise a given private key.
It is also true that just a few years go, very few (if any) OpenVPN connections and/or HTTPS websites made use of security features such as Perfect Forward Secrecy.
The good news is that, now a lot of the most popular websites make use of HTTPS protection.
And no, HTTPS still has not become universal, although it should.
We would like to see more and more communication channels to make use of these ephemeral encryption keys.
Of course, we’re happy that some have started to use them of late, but we would like to see more engagement with these security features.
More VPN Encryption
What are the VPN protocols
Readers should think about VPN protocols as a vast set of instructions and/or mechanisms that two computers negotiate with each other in order to form a secure and encrypted connection between them.
Commercial VPN service providers commonly support a decent number of VPN protocols.
Some of the most widely supported VPN protocols are,
We’ll take a look at all of them just below, but users should know that OpenVPN has pretty much become the industry standard when it comes the most-widely used VPN protocols.
Almost all good commercial VPN service providers have their default settings configured to use the OpenVPN protocol.
And for good reason, we feel.
OpenVPN offers reasonable speed along with maximum security.
Moreover, almost all internet-enabled and VPN-capable devices can use the OpenVPN protocol.
We will, therefore, spend a bit more time using our digital ink to write about OpenVPN protocol in more detail.
- Fairly easy to install and set up.
- Comes as a built-in feature for many clients on almost all available platforms.
- Services and websites can easily block PPTP connections
- Not secure
- Reports say that the NSA has definitely compromised it
Readers should keep in mind that PPTP is just a VPN protocol and nothing else.
This VPN protocol actually relies on several authentication methods in order to provide users with a decent amount of security.
Our research shows that the vast majority of commercial VPN service providers make use of MS-CHAP v2 as their preferred authentication method with PPTP.
PPTP also uses an encryption protocol (think of it like a standard cipher).
It is called MPPE or Microsoft Point-to-Point Encryption.
Perhaps this is also a good time to mention that Microsoft founded the consortium that developed the PPTP, or Point-to-Point Tunneling Protocol.
The company did that in order to create VPN over dial-up online networks.
In that context, it is true that PPTP managed to become the standard VPN protocol for a lot of corporate VPN networks.
And it remained in that position for many years.
As a VPN protocol, PPTP is actually available as a standard option for almost all internet-enabled and VPN-capable devices and platforms.
Compared to other VPN protocols, PPTP is easy to install and set up.
The user does not have to install any kind of additional software on his/her machine in order to use this protocol.
We suspect that this is just one of the reasons why PPTP retains its popularity among commercial VPN service providers as well as business VPNs.
Now, because of the fact that it doesn’t offer the highest level of security and is fast, it requires very few computational overheads when it comes to the implementation stage.
It is definitely an advantage.
And that’s what makes PPTP quick.
But before readers get the wrong idea, we would like to mention again that PPTP is not the most secure VPN protocol out there.
In fact, some believe it is not secure in the least bit.
We should also mention that usually modern VPN services only offer the PPTP protocol with 128-bit encryption keys.
And that’s a problem.
Microsoft introduced this VPN protocol with its Windows 95 OSR2 way back in the year 1999.
Since then, researchers have found a good number of potential security vulnerabilities associated with this VPN protocol.
Our research shows that the most serious of all these potential security vulnerabilities is the possibility of MS-CHAP vs Authentication that is un-encapsulated.
Hackers can now make use of this exploit alone to crack PPTP within 48 hours.
As expected, Microsoft found out about it and patched this security vulnerability.
However, the company itself has issued a document in which it recommends that users should use SSTP or L2TP/IPSec instead of the PPTP protocol.
At this point, it shouldn’t surprise anyone when we say that the likes of the NSA have the ability to decrypt communications that make use of PPTP encryption.
Users should just take it as a standard that NSA will have no trouble in watching them when they are using the PPTP protocol.
Another worrying fact is that agencies such as the NSA have managed to collect a ton of older user data that people and organizations generated back when everybody considered the PPTP encryption as secure.
There is no doubt about the fact that the NSA would have an easy time in decrypting such legacy data even with the least of their resources.
Readers must remember that VPN protocols such as PPTP require both the GRE protocol and TCP port 1723.
Our research shows that it has become fairly easy to actually firewall the GRE protocol.
This is the reason why it has become even easier to block all PPTP VPN connections.
To summarize, we say that users should avoid using PPTP.
The only situation in which users should connect via PPTP is when they have compatibility issues with other protocols.
In other words, when it is absolutely necessary.
- Offers more speed than OpenVPN according to some.
- Fairly easy to install and set up.
- Most consider it safe enough
- The majority of modern platforms support it.
- Most services implement this VPN protocol badly.
- This VPN protocol struggles to deal with restrictive firewalls.
- It isn’t proved, but some feel the NSA has compromised this VPN protocol as well.
- Again, not proved, but the NSA may have deliberately weakened this protocol.
What is L2TP/IPsec?
L2TP, or the Layer 2 Tunneling Protocol, comes as a built-in feature on almost all the major and modern operating systems.
It is also available on the countless VPN-capable devices.
That makes this protocol very enticing since the user doesn’t have to spend a lot of time and effort in installing it and setting it up.
In that aspect, it is like PPTP.
If we’re exclusively talking about the L2TP protocol and nothing else, then users should know that it does not really provide confidentiality and/or encryption to user traffic that may pass through it.
That is the reason why most services try to implement this protocol with the aforementioned IPsec authentication suite.
And hence, in totality, this protocol is known as the L2TP/IPsec protocol.
Moreover, it doesn’t really matter if a VPN service provider likes to refer to this protocol as IPsec or L2TP.
Some do it regardless.
But it doesn’t mean anything.
Users should assume that wherever there is L2TP or IPSec, there is always L2TP/IPSec.
The L2TP/IPsec protocol has the ability to use either AES ciphers and/or the 3DES.
Our research shows that the 3DES cipher is reasonably vulnerable to Sweet32 and Meet-in-the-middle collision attacks.
Hence, in practice, users will find it very hard to encounter 3DES these days.
The L2TP/IPSec protocol can give rise to many other problems because it only makes use of a very limited number of ports.
Why does that cause a problem?
Well, such a limited number of ports cause complications whenever a user connects to them from behind applications such as NAT firewalls.
And since this VPN protocol relies on these fixed points, organizations along with services find it easy to block it.
One difference that we must mention here is that the L2TP/IPsec makes sure to encapsulate all user data twice.
This might sound great in terms of security but it significantly slows the user’s connection down to a halt.
However, the L2TP/IPsec protocol tries to offset this problem by making sure that the decryption/encryption process occurs within the kernel.
The L2TP/IPsec protocol also allows multi-threading.
This feature is something that even OpenVPN doesn’t offer.
As a result of all these measures, theoretically speaking, the L2TP/IPsec protocol is faster than the OpenVPN protocol.
And there is nothing wrong with that.
L2TP/IPsec tries to ensure the maximum amount of security with the help of the AES cipher.
As mentioned before as well, the AES cipher currently has not a single major security vulnerability.
Even if there is one, no one seems to know about it.
VPN services and other privacy products that have the technical expertise to implement this protocol properly may make it reasonably secure.
With that said, if we believe the revelations from Edward Snowden, we have no choice but to consider this protocol as insecure since he said the NSA had compromised the standard.
Well, he didn’t actually say that, but he did hint it in strong terms.
It is here that we would like to mention John Gilmore.
Who is he?
He is a security specialist.
John is also one of the founding members of EEF, or Electronic Frontier Foundation.
Gilmore also published a post which explained that makers of the IPSec protocol may have deliberately weakened the protocol during the protocol’s design phase.
But that’s not the biggest problem.
The biggest problem, arguably, is that a lot of VPN service providers don’t know how to implement L2TP/IPSec protocol.
More specifically, these VPN service providers make use of pre-shared encryption keys or PSKs.
Anyone with an internet connection is free to download these pre-shared keys from the VPN’s official website.
The good thing about these pre-shared keys is that elite VPN service providers only use them in order to authenticate the user’s VPN connection.
Hence even if an adversary manages to compromise these keys, the user’s data remains secure and safe because it is encrypted with AES.
Of course, the attacker (with enough skills) could just utilize these pre-shared encryption keys to impersonate as a VPN server.
After doing that, there is nothing stopping the adversary from eavesdropping on the user’s encrypted internet traffic.
An adversary could also inject various kinds of malicious data directly into the user’s VPN connection.
To summarize, setting aside some of the issues which are theoretical in nature, the security community does consider the L2TP/IPsec protocol as secure.
However, experts warn that users should stay away from using pre-shared keys which are published openly.
L2TP/IPsec has built-in compatibility with many internet-enabled devices.
And that makes this protocol an above-average choice as a VPN protocol.
- Has the ability to bypass the majority of firewalls
- Support from Microsoft
- The Windows operating system comes with complete SSTP integration
- Exceedingly secure
- Microsoft owns this proprietary standard
What is SSTP Protocol?
Readers should think of SSTP as a special type of encryption.
It is special in the sense that it makes use of SSL 3.0.
And since other good VPN protocols such as OpenVPN also utilize SSL 3.0, both of these offer similar benefits.
SSTP comes packed with the ability to utilize the TCP port 443.
This is great for users who want to evade censorship.
It is also true that since Windows has such a tight integration with SSTP, it makes it very easy for users to take advantage of this VPN protocol.
As far as the Windows platform is concerned, SSTP offers more stability than OpenVPN.
However, unlike OpenVPN, the SSTP protocol is actually a proprietary standard.
As mentioned above, Microsoft owns it.
For the end user, this means the SSTP protocol does not open its code to public scrutiny.
There is little doubt about the fact that Microsoft has worked really hard to make some history with the NSA.
In other words, it has cooperated with the agency.
Because of that, the security community has speculated about the Windows operating system having built-in possible backdoors.
Whether or not that is true, it doesn’t inspire a great deal of confidence on part of the end user in this standard.
Microsoft originally introduced SSTP, Secure Socket Tunneling Protocol, when the company launched Windows Vista SP1.
That has changed though in the sense that even Linux users can now use this standard.
SSTP is also available on the Mac OS X platform.
But we can’t deny the fact that this VPN protocol is a Windows-only standard primarily.
Now, we know we mentioned that SSL 3.0 allows the SSTP protocol to offer a lot of benefits.
We have discussed them as well.
Now comes the part about how SSL v3.0 is actually vulnerable to attacks such as POODLE attack.
This is what the community calls it.
Because of this issue, no one seems confident in recommending this standard anymore.
Readers should also have a clear idea that the problem is with SSL 3.0 and not with SSTP itself.
But does that problem affect SSTP?
It is unclear.
However, it doesn’t really inspire any confidence in this standard or does it?
To summarize, on paper, this VPN protocol provides users with several of the same benefits they are likely to get from the OpenVPN protocol.
But the thing is, it is a proprietary standard and Microsoft owns it.
This badly undermines SSTP’s credibility as a safe VPN protocol.
- Blackberry devices support this protocol.
- Very easy to use and set up from the user’s end.
- If users combine it with AES encryption, it is secure
- Pretty stable. Takes very little time when users try to switch networks or reconnect after the user has lost the current internet connection.
- Implementations other than open source aren’t really trustworthy
- Many platforms do not support this protocol.
- Some find it very tricky to properly implement IKEv2 at the server-end.
This may not sound dangerous but it could develop potential security issues.
What is IKEv2?
The term IKEv2 stands for Internet Key Exchange version 2.
Who developed it?
Devices running the iOS operating system, Blackberry, Windows 7 + natively support this VPN protocol.
With that said, developers around the world have toiled to independently develop various versions of the IKEv2 protocol which don’t have any compatibility issues with operating systems such as Linux and others.
The majority of these IKEv2 iterations are actually open source.
We tell readers that they should always exercise caution with any software application that comes to them via Microsoft.
Of course, the open source versions of this VPN protocol don’t come packed with the same privacy issues.
The IKEv2 protocol is actually only a tunneling protocol, strictly speaking.
Our research shows that the only time it becomes a VPN protocol is when it pairs with IPSec or a similar authentication suite.
Following from the term L2TP/IPSec, it stands to reason that the community should refer to this protocol as the IKEv2/IPsec protocol.
However, as some of our veteran readers would already know, it rarely is called that.
Microsoft dubs this protocol as VPN Connect.
As such it is surprisingly competent at re-establishing a given VPN connection automatically whenever it detects that the user has temporarily lost his/her internet connection.
For readers who need examples, such a situation can easily arise when a user is leaving or entering the subway system.
Or even a train tunnel.
IKEv2 also has support for MOBIKE or Mobility and Multihoming protocol.
Because of that, this VPN protocol has a great resilience to changing networks.
In fact, this feature also makes IKEv2 a formidable choice for users of smartphone who are regularly involved with changing their mobile connections to home WiFi connections.
Users who move between different Hotspots regularly may also benefit from this protocol.
As far as the popularity of this VPN protocol goes, it is nowhere near to L2TP/IPSec.
The evidence of that is very few mainstream platform support IKEv2.
With that said, it is also true that in terms of speed, stability, performance, security, and the very important ability to establish a given VPN connection and then re-establishing it, the IKEv2 protocol is superior to the L2TP/IPSec protocol.
On the other hand, some consider it to be on par with L2TP/IPSec.
To summarize, IKEv2 represents a fast and secure VPN protocol.
There is little doubt about the fact that mobile users may have an inclination to prefer this VPN protocol over the OpenVPN protocol.
And perhaps they are justified since IKEv2 has improved a lot in its ability to reconnect whenever a user loses his/her internet connection.
It handles interruptions like these very well.
Users who are on the Blackberry platform, the IKEv2 option is their only option.
In the end, we advise users to only prefer open source IKEv2 iterations.
- Has the ability to bypass firewalls
- Is open source
- A high number of configuration options
- Assuming the user utilizes PFS, it is very secure
- The user is required to install a third party software application in order to use it.
What is OpenVPN?
As the name suggests, OpenVPN is nothing but an open source technology.
It makes use of TLS protocols and OpenSSL library.
But that’s not all.
OpenVPN employs an amalgam of new and old technologies to do its work.
In the process of doing so, it manages to offer users a reliable and strong VPN solution.
That is the reason why OpenVPN has managed to become the industry standard and most widely used VPN protocol when it comes to commercially available VPN service providers.
Of course, there are lots of other reasons for that as well.
One of the biggest strengths of the OpenVPN protocol is that it offers a ton of configuration options.
Some privacy-conscious users love that.
Now, we should mention here that no platform in the world has native support for the OpenVPN protocol.
However, via third-party applications, almost all platforms work with it.
Individual VPN service providers routinely offer apps and custom OpenVPN clients to their customers.
With that said, the core of the open source code behind OpenVPN comes from the OpenVPN project.
In other words, the OpenVPN project has developed OpenVPN.
It is also true that a lot of contributors and developers to the above-mentioned OpenVPN project also have work commitments with OpenVPN Technologies Inc.
This is just a company that oversees the whole thing.
Users have the option of setting OpenVPN to run via any port but in our experience, it turns best when the users make use of the UDP port.
We’ll include more information about it in a later section.
For now, it is sufficient for the users to know that they can also connect to the TCP port 443.
This is the best port for regular HTTPS traffic.
The biggest benefit that users gain when they run OpenVPN over the previously mentioned TCP pot 334 is that it makes it very hard for anyone to tell apart VPN connections and the secure connections users have to make use of when visiting online retailers, email services, and banks.
All of these things mean that OpenVPN becomes almost immune to blocks.
There is one other advantage of using an OpenVPN protocol.
And that advantage comes in the form of OpenSSL Library that OpenVPN makes use of.
The OpenSSL library provides OpenVPN encryption.
And it also supports several other ciphers.
Coming back to the practical world, however, we see that the vast majority of VPN service providers (at least the commercial ones) only make use of AES and Blowfish.
We will discuss both of these encryption technologies in a later section.
Edward Snowden (him again!) made some revelations a couple of years ago.
And the information that saw a lot of light from the media showed that if users ensured that they used Perfect Forward Secrecy in their VPN connections, then the NSA can’t weaken or compromise the OpenVPN protocol.
We also want to report that a very recent and crowdsourced audit of this VPN protocol has reached its completion phase.
Private Internet Access, a VPN service, has also funded another audit of OpenVPN.
It too has reached its completion stage.
Both of them show that OpenVPN has no serious security vulnerabilities.
At least none that have the potential of affecting the user’s privacy.
Researchers did find a few security vulnerabilities when they discovered that hackers could open up OpenVPN servers to potentially big DoS or Denial of Service attacks.
The good news here is that OpenVPN listened to those security concerns.
And appropriately, came out with patches for all of those in OpenVPN 2.4.2.
As mentioned before as well, most security experts consider OpenVPN as the most secure and reliable of all VPN protocols.
Its availability is almost universal.
And it supports a wide range of platforms.
Most of the top VPN service providers offer this VPN protocol as their default choice.
Because of its importance, we would like to dedicate a special section to this VPN protocol in order to discuss some of its features in greater detail.
To summarize, OpenVPN represents the most reliable, versatile and secure VPN protocol that the security industry has to offer.
However, users have to make sure that the service they are using has implemented this protocol the proper way.
Our general recommendation to online consumers is to stick to OpenVPN whenever they can.
The first thing we want readers to understand is that OpenVPN encryption is actually comprised of two separate parts.
There is the control channel encryption.
And then there is the data channel encryption.
The OpenVPN VPN protocol makes use of the data channel encryption in order to secure the user’s data.
On the other hand, the control channel encryption makes sure that it secures the connection between the VPN server and the user’s computer.
In general terms, any given defense is actually only as powerful as its weakest link.
This is something that most VPN service providers don’t understand.
That is also the reason why so many VPN service providers make use of a strong encryption on their data channel and a weak encryption on their control channel.
Even good VPN service providers make this mistake.
But they do it the other way by using a more powerful encryption for their control channel and a weaker one for their data channel.
To take an example, it isn’t actually uncommon to observe a given VPN service advertising its services and telling potential customers that it makes use of AES 256-bit cipher along with RSA-4096 handshake encryption.
These VPN services also tell users that they use SHA 512-bit as a hash function for the purposes of authentication.
Such figures may sound very impressive to some users.
But more often than not, users don’t have to look too hard to realize that the VPN service only referred to its control channel encryption.
It didn’t say anything about the data channel encryption.
VPN services who do this usually utilize the much weaker Blowfish 128-bit with the SHA1 hash function for authentication for their data channel.
But they don’t advertise this since it looks bad.
And bad marketing is as good as no marketing.
As alluded to before as well, if a given VPN service provider makes use of different encryption technologies on its control and data channels, then the real strength of the VPN service’s OpenVPN connection is actually the strength of the weaker of the two used encryption suites.
That’s how one is supposed to measure the strength of a given VPN service’s security features.
VPN services who offer the maximum amount of security always use the strongest encryption for both the control channel and the data channel.
However, it is also true that when VPN services use stronger encryptions, their VPN connections become slower.
Users don’t want that.
This should explain why some VPN service providers are so inclined to scrimp on encryption that they use for their data channel.
It is here that we would like to mention the fact that control channel encryption sometimes goes by the name of TLS encryption.
The Transport Layer Security is actually a technology that VPN services make use of in order to negotiate a connection between the VPN server and the user’s machine in a secure manner.
As it turns out, the TLS technology is also the same technology that the user’s browser makes use of in order to negotiate a secure connection to a website that makes use of HTTPS encryption.
One other thing that many fail to understand is that the data channel encryption only consists of a hash authentication function and a cipher.
On the other hand, the control channel encryption is made up of a hash authentication function, handshake encryption, and a cipher.
As mentioned before as well, reasonably reputed VPN service providers often make use of the same level of security, i.e encryption, for their data and control encryption channels.
When we review VPN service providers at Security Gladiators, we usually list a single cipher and hash function if the VPN service uses the same implementation for both data and control channel.
If they both differ, then we mention that difference.
For example, when we tell the reader that a given VPN service provider makes use of AES 256-bit cipher and then stop, then that means this VPN service provider uses AES 256-bit cipher for both data and control channels.
Now, of course, VPN service providers are free to change that at any time.
But we try to make sure we give users updated information as much as we can.
It is true that some of our older VPN reviews may not meet the guidelines described just now, but our team is working on phasing those reviews out in due time.
In order to successfully secure user data via both data and control channels, the OpenVPN protocol has the potential of using several symmetric-key ciphers.
When we come to the real world though, it becomes clear that the majority of commercially available VPN service providers only make use of,
- Camellia, although rarely.
Currently, OpenVPN makes use of the Blowfish 128-bit cipher as its default cipher.
Theoretically speaking, the key lengths can go to 448 bits from 32 bits.
With that said, out in the wild, our research shows that 90 percent of the protocols that users are likely to come across will be ones that make use of Blowfish 128-bit.
For casual purposes, security experts agree that Blowfish 128-bit is secure enough.
But we also have to give consideration to the fact that Blowfish has considerable and known security vulnerabilities.
Let’s go over some introduction so that we are able to talk about Blowfish with our friends pretending we know a lot.
And the first thing anyone should ever mention about anything in order to impress someone is to talk about who created something/anything.
In our context, we want to know who created Blowfish?
Bruce Schneier did it.
Who is he?
He is a cryptographer and a renowned one at that.
Back in 2007, Bruce Schneier told reporters that he found it amazing that different services still used Blowfish.
Our research shows that Bruce Schneier is a bit of an A-grade student in the sense that he doesn’t want anything but the best.
We feel that it is totally acceptable for services to make use of ciphers such as Blowfish 128-bit.
But only as their secondary line of online defense.
We also think, Blowfish 128-bit is only sufficient for OpenVPN data channel.
With that said, we should also mention that services and users should not consider Blowfish secure if they want to use it on their control channel.
This cipher is so good that it has taken very little time to rise through the ranks and become the gold standard (in the VPN industry) symmetric-key cipher.
AES can also boast about its NIST certification.
If there is one symmetric-key cipher that has universal approval then it is AES.
The vast majority of the community considers it very secure.
It is so secure that even the likes of US government use it to protect their secure data.
Readers should know that we’re talking about AES 256-bit here, not AES 128-bit, but that is pretty strong as well.
The AES cipher makes use of a 128-bit block size.
On the other hand, Blowfish utilizes a block size of 64-bit.
This fact alone means that AES is more capable when it comes to handling large files that are over 4GB in size.
Blowfish isn’t that great at doing that.
Additionally, ciphers such as AES also have the added advantage of having complete instruction sets that are able to benefit from hardware acceleration, a built-in feature that is becoming more common on various platforms by the day.
Generally speaking, the AES cipher is available to all users in key sizes of 256-bit and 128-bit.
Some of the lesser known offerings include AES 192-bit.
As far as security is concerned, AES 128-bit is more than sufficient.
Currently, no one is aware of any security vulnerabilities associated with AES 128-bit.
With that said, it is also true that the NSA has a lot of talented security engineers.
No one knows the full capabilities of these engineers working at the NSA.
As of now, no encryption standard is safe per se.
But the majority of security experts are in agreement that the AES 256-bit offers the highest level of security.
As with most things in life, nothing is as it seems.
Even though, on paper, AES 256-bit is the strongest encryption there is, some experts regularly debate this issue.
We don’t expect all of our readers to understand this, but the word is AES 256-bit uses a weaker key schedule than AES 128-bit.
This factor alone has pushed some pretty eminent security experts to hold the position that between AES 256-bit and AES 128-bit, the former is the weaker one.
However, that is not the general consensus.
The AES 256-bit standard remains the strongest encryption implementation there is.
Like AES and Blowfish, Camellia is also a cipher.
It is pretty secure and also modern.
Some believe that Camellia, on average, is every bit as quick and secure as the AES cipher.
And just like AES, its key sizes come in 256, 192 and 128 bits.
All of these are available to users for implementation.
However, AES with its NIST certification and the fact that the US government makes use of it, remains at the top spot even though Camellia is starting to challenge its legitimacy.
Readers should also keep in mind that just because a given cipher has NIST certification, it doesn’t automatically mean that it is the best one out there.
In fact, there are some media outlets who believe having a NIST certification is actually a reason to not fully trust a given cipher.
Following from that, since Camellia isn’t a member of the NIST cipher club, many choose it over other NIST members such as AES.
The only problem with Camellia is that, very few VPN service providers offer it.
Moreover, one also has to take into account the fact that researchers have tested the AES cipher for potential weaknesses in a far more comprehensive manner than Camellia.
As mentioned before as well, OpenVPN makes use of the TLS handshake method in order to enable the user’s device and the VPN service’s server to negotiate and form a secure connection.
In the process of doing so, the VPN server and the OpenVPN client have to establish secret keys using which they can easily communicate.
But one also has to protect such a handshake.
To do that, the TLS typically calls upon the popular RSA public-key cryptosystem.
What is it anyway?
It is nothing but a digital signature and encryption algorithm that is mainly used to identify and verify TLS/SSL certificates.
With that said, it is also true that the option of using ECDH or Diffie-Hellman key exchange is also available.
We have described this fact already that RSA represents an asymmetric encryption system.
In other words, this is a system that makes use of a public key for the purposes of encrypting the data.
However, to decrypt the data it makes use of another and a different key called the private key.
As far as the last 20 years (and more) go, this encryption system has formed the basis of all online security for digital communications on the internet.
Researchers have worked hard and have established that as far as the RSA is concerned, a key length of anything equal to or less than 1024-bit (or RSA 1024-bit) isn’t really secure.
Security researchers also believe that the NSA definitely has cracked RSA 1024-bit.
Consequently, many internet companies have started to away from the less secure RSA 1024-bit.
The only unfortunate part about this situation is that, one can easily find plenty of VPN service providers who are still adamant in using RSA 1024-bit in order to protect their handshakes.
Needless to say, that is irresponsible.
Security researchers still consider the RSA 2048-bit standard (and higher) as safe and secure.
RSA, on its own, doesn’t have the capability of offering users the PFS, or Perfect Forward Secrecy, feature.
However, services can implement it by including Elliptic curve Diffie-Hellman (ECDH) or Diffie-Hellman (DH) key exchange system in their cipher suites.
Readers should also know that in such cases, the actual strength of the ECDH or DH key exchange is of no relevance.
Because the system is only using it to provide users with features such as Perfect Forward Secrecy and nothing else.
The VPN connection itself has RSA to secure it.
We know that users have a lot of confusion about how the whole system of RSA works.
Therefore we would like to note here that the previously mentioned RSA cryptosystem doesn’t really have anything with RSA Security LLC, a disgraced United States technology firm.
RSA Security LLC, made deliberate changes to the company’s BSAFE encryption consumer products to weaken it.
Why did it do that?
Well, according to most media reports, the NSA bribed the company with $10 million.
ECDH and Diffie-Hellman (DH)
We have already talked about ECDH.
One other alternative and possibly rival handshake encryption is Diffie-Hellman or DH.
The OpenVPN protocol makes use of this handshake encryption from time to time.
Essentially, DH represents a cryptographic key exchange system.
As far as the typical key lengths go, the DH key exchange uses 4096-bits or 2048-bit.
We have already mentioned the fact that users should avoid using any encryption standard or service that makes use of 1024-bit or less key lengths.
Users must not use them.
Any key length less than 2048-bits is very much susceptible to cyber attacks such as the logjam attack.
One of the main advantages of using the Diffie-Hellman handshake with the RSA encryption cipher is that such an encryption system offers user PFS (Perfect Forward Secrecy) natively.
Before this section, we noted that, on the other hand, if a service simply takes its RSA handshake and adds a Diffie-Hellman key exchange to it, then that achieves pretty similar results.
There is much controversy over the use of Diffie-Hellman.
If it is secure then why is there controversy?
It turns out, security researchers have criticized Diffie-Hellman for re-using a restricted and small set of prime numbers.
According to such security experts, any powerful adversary, like the NSA, can take advantage of this vulnerability and crack DH.
As alluded to before as well, Diffie-Hellman is not the end-all handshake encryption system.
At least, on its own it is not.
Users who still want to use Diffie-Hellman but don’t want to have an insecure connection should use it as part of a suite that makes use of the RSA cipher.
Our research shows, that combination should provide enough security.
As for ECDH, or Elliptic curve Diffie-Hellman, it is just another and newer form of secure cryptography.
In other words, the ECDH cryptography system does not have any vulnerabilities to the type of attacks that can cause havoc to DH.
Why is that?
It is so because the Elliptic curve Diffie-Hellman utilizes a few other lesser known properties of specific types of algebraic curves.
It doesn’t make use of big prime numbers like Diffie-Hellman in order to encryption VPN connections.
Users have the option of using ECDH as a part of a larger RSA handshake in order to have access to PFS, or Perfect Forward Secrecy.
ECDH also has the ability to encrypt a given handshake securely on its own by making use of ECDSA signature.
Moreover, such a combination also offers the PFS feature.
As far as key lengths go, the key lengths that ECDH uses start at 384-bits.
Most security experts consider this as secure.
However, if a system is using ECDH on its own in order to take a TLS handshake and secure it then we suggest the longer the key length the better it is.
Of course, if security is not the main aim them shorter key lengths may suffice.
SHA Hash Authentication
The SHA Hash Authentication is sometimes referred to as HMAC or hash message authentication code.
Sometimes it just goes by the name of data authentication.
But what is SHA or Secure Hash Algorithm?
It is nothing but a cryptographic hash function.
Along with some other things, security services use it to authenticate TLS/SSL connections and data.
Examples include the likes of OpenVPN VPN connections.
The Secure Hash Algorithm also has the ability to create a unique and new fingerprint of a given TLS certificate (a valid one).
Afterward, an OpenVPN VPN client can validate the fingerprint itself.
Using this technique even minute amounts of alterations are detectable.
In other words, if someone has tampered with the certificate then a client will not have any trouble in immediately detecting it and then refusing the connection.
Such setups are very important for users and companies who want to protect themselves against MitM or Man-in-the-Middle attacks.
In Man-in-the-middle attacks, a skilled adversary makes attempts to successfully divert the user’s OpenVPN connections to a server that the adversary controls instead of the server of the user’s VPN service provider.
Some feel that is a bit too high-level attack.
But in reality, all that a hacker has to do in order to launch a Man-in-the-middle attack is to hack the user’s WiFi router.
After that, it is simply a matter of time before the hacker routes the user’s connection to a server that the hacker controls.
Assuming that the adversary/hacker is skilled enough to crack the actual hash function of the user’s VPN provided genuine and valid TLS certificate, the hacker has all the opportunity in the world to reverse the user’s hash function in order to create a fake or forged TLS certificate.
Once the hacker has done that, the OpenVPN software application would not think twice about authenticating the user’s connection and considering it as genuine.
So is SHA Safe?
SHA-1 is pretty much broken if someone is trying to protect and secure HTTPS websites with it.
We’re not saying that, they are.
Of course, this isn’t anything new.
The community has known this for quite some time now.
That doesn’t mean one can’t find any website using SHA-1 protection either.
In fact, there are many that still do.
However, their operators are slowly phasing out SHA-1.
Everyone wants SHA-1 gone for good.
That is just one of the reasons why the majority of mainstream browsers show users a warning message whenever they try to form a connection with a website that makes use of SHA-1 to secure its connection.
Almost all reputable sources now recommend that websites should use SHA-3 and SHA-2 hash function from now on.
They are secure.
Nothing more needs to be said about that.
SHA-2 does a good job of including SHA-512, SHA-256, and SHA-384.
Now let’s come to the WARNING part.
It is just sad that OpenVPN only makes use of SHA to secure HMAC.
We are not sure if our readers would benefit a lot if we go into the details of why and how that is the case.
Readers should rest knowing that HMAC algorithm now has SHA hash authentication as one of its parts.
As a result of that, hackers find launching attacks against SHA-1 hash function much easier than HMAC embedded with the SHA-1 hash function.
To put it in simpler terms, OpenVPN makes use of HMAC SHA-1 and not just SHA-1.
This makes it safe and secure.
For those who want to read up on all the related mathematical proofs should click here.
It is also befitting to mention the fact that combinations such as HMAC SHA-3 and HMAC SHA-2 are much more secure than HMAC SHA-1.
This is exactly what a recent audit of OpenVPN also recognized.
It recognized the fact that HMAC SHA-1 is, without a doubt, safe.
However, the audit recommended that OpenVPN would do well to transition from HMAC SHA-1 to HMAC SHA-3 or HMAC SHA-2 for more security margin.
As mentioned several times in this very guide before (in case you did not read all the sections and are just jumping around) the NIST or the United States National Institute of Standards and Technology either certified or outright developed SHA-2, SHA-1, RSA, and AES.
Now we won’t have a problem with that.
But NIST itself has admitted that the body has worked and still works very closely with the likes of the NSA to enhance its cipher development.
Since everyone now has a clear idea of what NIST does and doesn’t do, it shouldn’t be hard for anyone to understand why NIST cooperating with the NSA is a problem.
NSA has made systematic efforts in order to build backdoors into and/or weaken various international encryption standards.
This is what has led us to believe that there are many reasons why users should question NIST algorithms and their integrity.
As expected, the National Institute of Standards and Technology has refuted all such allegations in a strong manner.
The body recently told the media that NIST would never work towards weakening a given cryptographic standard deliberately.
To counter all such allegations, the body recently announced invitations for public participation in helping the body to develop a multiple number of encryption standard proposals.
Some believe that NIST wanting help for various upcoming encryption standards is nothing but a move that NIST has designed to improve public confidence in its work.
A 2013 report from the New York Times made an accusation against the NSA.
The newspaper said that the agency circumvented encryption standards that NIST had approved.
It also said that the NSA did that by either making attempts to subvert the actual public development cycle/process or by introducing various undetectable backdoors.
The New York Times alleged that the NSA wanted to weaken the NIST-approved algorithms.
Some believe that the distrust of NIST-approved algorithm gained more weight when a division of EMC, RSA Security, told customers in private meetings that they should stay away from using a specific encryption algorithm.
Because reportedly, the NSA had engineered a flaw right into the encryption algorithm.
Things became even more interesting when news surfaced that NIST had actually endorsed the algorithm.
Furthermore, NIST also engineered another encryption standard by the name of Dual_EC_DRBG.
The term stands for Dual Elliptic Curve Deterministic Random Bit Generator.
Of course, the only problem with this standard is that the security community thinks it is insecure.
Back in the year 2006, a team of researchers working in the Netherlands at the Eindhoven University of Technology noted that their researchers had found it very easy to launch an attack against Dual_EC-DRBG even on an ordinary personal computer.
Later, engineers working at Microsoft also flagged the algorithm for suspected backdoors in it.
Are these concerns enough for us to just push NIST aside?
These concerns have been making the rounds for a lot of years now.
But interestingly enough, wherever NIST goes, the rest (the security industry to be specific) follows.
The evidence for that is very clear as well.
All major players in the online security industry, such as RSA, Symantec, Cisco, and Microsoft offer this algorithm via the cryptographic libraries in their products.
That should not surprise readers.
Because these companies have to comply with NIST standards.
If they don’t they can’t really sign those lucrative United States government contracts.
Think of it as a prerequisite that these companies have to fulfill in order to join the race.
Moreover, cryptographic standards that have NIST certification have become nearly ubiquitous if one looks at the state of the online security industry today.
These algorithms have penetrated almost all areas of business and industry which have to rely on privacy.
Chilling, is the word that comes to mind when one thinks about the whole situation.
Perhaps this is the precisely the reason why cryptography experts have not spoken up about this issue.
So many products rely on these cryptographic standards that it isn’t just feasible to face the facts and solve the problems.
AES-GCM vs AES-CBC
If we take out the last couple of years, the only AES cipher which users would have come across the most, as far as the VPN industry is concerned, was the AES-CBC cipher.
The CBC in AES-CBC stands for Cipher Block Chaining.
What is it?
The term refers to nothing more than the block cipher mode.
Click here to read more about that.
Describing AES-CBC and how it works would take another full guide because the subject is rather complex.
Moreover, we don’t think it is worth it for most of our readers.
Theoretically speaking, some believe that the CBC flavor may come with some security vulnerabilities.
However, the general consensus is clear:
CBC is pretty secure.
It is so secure that the official OpenVPN manual has CBC as a recommended option.
With that said, OpenVPN has now upgraded its features.
Now it also offers AES-GCM option.
The GCM in AES-GCM stands for Galois/Counter Mode.
What does it do?
Our research shows that it is primarily used for authentication purposes.
It removes the requirement to use the HMAC SHA (any version) hashing function.
The GCM variant is also a bit faster than the AES-CBC variant.
Because it makes good use of hardware acceleration features where it has the capability to thread to several number of processor cores.
As far as the popularity rank goes, there is little doubt that AES-CBC is in the lead by a country mile.
However, slowly but surely, more and more services are moving towards AES-GCM.
That is also the reason why we are seeing it more regularly out in the open.
The GCM variant has some clear advantages.
We feel that will ensure that it continues its march towards the top.
Of course, from the perspective of cryptography, both AES-GCM and AES-CBC offer maximum security.
OpenVPN TCP vs OpenVPN UDP
We hope some of our readers would already know that users have the option of running OpenVPN either over User Datagram Protocol (UDP) or Transmission Control Protocol (TCP).
As for reliability, it is hard to beat TCP.
Over TCP, when one computer sends data in the form of a network packet to another computer, it does not send another packet until it received confirmation that the other computer has received the sent packet.
If the sender machine does not receive any confirmation, then instead of sending the next packet, the machine would simply resend the current packet.
Such a technique is called error-correction.
With TCP, the two computers can guarantee themselves that they will transfer the whole of the user data to each other.
Such comprehensiveness in transferring data from one place to another comes at the cost of speed.
TCP is slow.
On the other hand, UDP is pretty fast.
It is faster than TCP because it doesn’t perform any error correction processes.
Over UDP, the sender machine simply sends the data.
It makes no effort in confirming if the receiver machine has received the packet of data.
There are no acknowledgments.
And there are no retries.
As mentioned just now, this is the reason why UDP is a lot quicker than TCP.
With that speed, comes reliability issues.
So what do we recommend?
We recommend that when users have a choice, they should always go with UDP because it offers speed.
And you need speed if you want to do anything productively on the internet.
Of course, if the user starts to experience some connection problems then it is time to switch to TCP.
Good VPN service providers make sure that they offer both options so that they are able to strategize each protocol’s use depending on present conditions.
OpenVPN on TCP Port 443 to bypass censorship
OpenVPN has many advantages.
If you have read this far you would already know that.
Well, one of the biggest advantages of using OpenVPN is that users have the option of running OpenVPN over many ports.
One of those ports is TCP port 443.
All HTTPS websites make use of this port.
And HTTPS is the very thing (an encryption protocol more precisely) which handles the task of securing modern websites (the ones that choose to do so).
HTTP is very important in the sense that without a standard such as HTTPS, it would become very hard to carry out online commerce.
In a world with no HTTPS, users would have to live without online banking and shopping.
Because of that, it is exceptionally rare for a website or a service to block TCP port 443.
TCP port 443 offers lots of other bonus features as well.
Any VPN traffic that makes use of this port automatically qualifies to be routed pretty much the same way as HTTPS uses it.
That is, inside the applied TLS encryption.
What does this do?
It fundamentally makes it a lot more difficult for anyone to spot the traffic by utilizing advanced techniques such as Deep Packet Inspection.
Users who want to evade VPN blocks should favor the TCP port 443 for the obvious reasons that we have described above.
Of course, good VPN service providers make sure that they provide users with as many usable port numbers as possible.
So, if the user installs their custom software, he/she can avail the option of connecting to the internet via the OpenVPN protocol and a different port number.
We’re not saying that each and every VPN service provider offers this option.
For those who are stuck with VPN services that don’t, they can try using OpenVPN over TCP port 443 directly at the server level.
This is something that many VPN service providers do.
Users who want to make the switch will have to perform a simple edit to their .ovpn files.
The .ovpn files are just OpenVPN configuration files.
For those who are unsure about any of the stuff we have said in this section, they should make their way to the customer support section of their VPN service provider.
Readers would do well to note that network engineers don’t really like such tactics.
Because running TCP over TCP (again) isn’t something that is awfully efficient.
And engineers hate inefficiency.
But we don’t care about engineers or inefficiencies or do we?
The fact is, users who want to bypass censorship, sometimes, have no option but to make use of such tactics.
So if it works for you, then good to you.
No need to worry about any network engineers.
Perhaps this is also a good time to mention the fact that SSTP default settings dictate that it makes use of TCP port 443.
Summary for those who don’t like to read
When we are talking about secure protocols, we should never talk about PPTP.
It is insecure.
And therefore, people should avoid it.
The reason why it is still around is that it is easy to set up.
Moreover, it has no compatibility issues with most major platforms.
These are attractive features.
Another VPN protocol that offers the same options is L2TP/IPsec.
But L2TP/IPsec is more secure than PPTP.
Users who only use VPN services for non-critical tasks should stick with this VPN solution.
There are a ton of legacy devices that simply do not have the capacity to support OpenVPN.
For such devices, the L2TP/IPsec option is the best one.
However, users should keep in mind that the likes of the NSA have severely compromised this VPN protocol.
This is the only VPN protocol that can match the advantages that OpenVPN offers.
The only problem with this VPN protocol is that it is predominantly available on the Windows platform only.
Users who are on the Windows platform can benefit from this VPN protocol the most because it has native integration with their operating system.
Since VPN service providers are in it, to win it, they don’t really provide any support for this protocol because they want to focus on protocols that other platform users can utilize as well.
It is just business.
Additionally, SSTP isn’t open source.
Microsoft created it and it owns it.
That means, SSTP is proprietary in nature.
Many security experts don’t trust SSTP for this very reason.
We think this is a very reasonable VPN protocol.
It is fast.
This VPN protocol is most suitable for mobile users.
Because it is very good at reconnecting to the internet when it detects that the user has disconnected from a given network.
No other VPN protocol can match it in terms of adapting to network interruptions.
This is the primary reason why some mobile users prefer the IKEv2 protocol over OpenVPN.
IKEv2 is also very popular with Blackberry users.
And it isn’t because it is the best.
It is because the only protocol that works with Blackberry devices is IKEv2.
Our only advice is that users should only install the open source versions of this VPN protocol.
Generally speaking, this is the best VPN protocol in the world right now.
It is the most versatile and the most secure one.
It is also open source.
Not to mention it is not a slouch by any means.
OpenVPN can compete with any other VPN protocol in terms of speed.
People have started to use this protocol because of its reliability as well.
We can’t think of any serious downsides of using the OpenVPN protocol.
However, we do think that most services don’t have a good idea on how to implement this VPN protocol well.
What does that mean?
We mean that OpenVPN should always come in combination with strong encryption and of course, PFS or Perfect Forward Secrecy.
More on OpenVPN Encryption
Readers should always remember that though encryption is a great way to protect one’s data, the way a service implements is of paramount importance.
They should always focus more on the details.
Because, you know, that’s where you’ll find the devil.
In practical terms though, we often see VPN service providers state that they make use of the hyper-powerful AES 256-bit encryption with OpenVPN.
In reality though, this doesn’t really tell the user anything about how good the encryption is.
There is no doubt about the fact that AES 256-bit is indeed a very powerful cipher.
However, if the VPN service provider has neglected other parts of the overall encryption suite then the whole system becomes weak.
To put it in another way, the user’s data won’t get much protection.
This is the actual thing that protects the user’s data.
As mentioned before, in terms of ciphers, there is nothing that can beat AES 256-bit.
It has become an industry standard and that’s why we recommend this.
This is the thing that is supposed to secure the user’s connection to the server of the VPN service provider.
The most secure handshakes are ECDH 384+ and RSA 2048+.
Readers should keep in mind that the Diffie-Hellman and RSA 1024=bit handshakes are no more considered as secure.
This is used to create those unique fingerprints that we talked about before.
The fingerprint itself is critical for validating TLS certificates and data.
In simpler terms, Hash authentication is the best way to go if the aim is to check that the VPN server that the user is trying to connect to is really the VPN server that the user thinks he/she is connecting to.
Our research shows that there are no significant problems with HMAC SHA-1.
However, HMAC SHA-3 and HMAC SHA-2 are preferable.
Especially HMAC SHA-2 256-bit, 512-bit, and 384-bit.
HMAC SHA-3 are the most secure ones.
One thing that we would like to specify here is that there is no need of any hash authentication if a system is using AES-GCM cipher.
PFS or Perfect Forward Secrecy
This feature is present to make sure that each session gets to enjoy new, unique and freshly created encryption keys.
We don’t think that the OpenVPN protocol is anywhere near safe enough if the VPN service does not make use of Perfect Forward Secrecy.
Implementing Perfect Forward Secrecy is not that difficult.
All that one has to do is to include ECDH or Differ-Hellman key exchange along with an RSA handshake.
It is also okay to use ECDH or DH handshake.
The last thing we want users to remember is that any given encryption suite implementation is only as powerful as the suite’s weakest link.
In other words, VPN services should make sure that they use strong encryption settings on both their control and data channels.
It is always a good idea to use higher bit lengths when it comes to keys and ciphers.
We say that because longer ones always provide more security.
Of course, the speed will suffer when using lengthier keys and ciphers.
The other thing users need to know about the OpenVPN protocol is that, it may negotiate different ciphers between server and client on its own.
If the system has not defined specific parameters, then OpenVPN will simply default to its weakest settings.
We know, strange.
At the bare minimum, OpenVPN likes to default to HMAC SHA-1 hash function authentication, RSA 1024-bit handshake along with no Perfect Forward Secrecy and Blowfish 128-bit.
This was a long read.
Hopefully, you read it all.
If you did, congratulations.
You are a master now.
If you skipped everything then congratulations as well.
Now you should have a more comprehensive understanding of VPN connections and what actually makes them secure.
We would like to leave you with the thought that whenever we’re talking about VPNs and properly configuring them, then the encryption part is only a part of the full story.
There are lots of other halves.
And the user needs to pay attention to them to make sure that there is not a single bit of data that leaves or enters the user’s computer machine without the protection of a VPN connection.
There is a lot more to learn.
Just stay tuned to Security Gladiators for more information.
After all of this which VPN service should I sign up for?
We have talked in detail about the things users should watch out for when it comes to VPN services and especially encryption.
As you can probably tell, the subject is vast.
Now, there are many ways you can move forward from here when trying to search for the perfect VPN service.
You can take all the advice we have given you here and then apply it to each and every VPN service that you come across.
That should help you to figure out if the VPN service that you are so interested in is really worth it or not.
You can do that.
And you can do it again for another 100 VPN services.
Or you can just take our word for it.
And not because you have done so much by reading this guide.
We say it because here at Security Gladiators, it is our job to scour the internet and search for the best VPN service providers in the world today.
We have reviewed each and every top VPN service provider in the world.
You can take advantage of all the hours that we have put into research.
And know that the best VPN service provider that takes care of all the things that we have mentioned in this guide is IPVanish.
We know, we could have told you that in the beginning as well.
But now you know why we say that IPvanish is the best.
In terms of implementing the best possible encryption suite, there is no VPN service better than IPVanish.
However, IPvanish is not the best because it is the most secure.
It is the most secure and it is,
- Well reputed
Along with that, the company has a strict zero-log policy.
In other words, it has no way to know what the user is doing online.
The company also offers users a 7-day official money-back guarantee.
So the user doesn’t have to take any risk whatsoever when signing up for IPvanish.
You can sign up for IPVanish right here and right now and that too from the official website by
Of course, you are free to make up your own decision on which VPN service provider is the best.
Here is our guide on top 10 VPN service providers.
What’s next then?
Well, we have already told you the best VPN service is the world.
So half your job is done.
The next steps should involve our reader, that is you, reading up some more on what a VPN is and what does it do.
We have some great guides on our site.
One of them is this, where we take you through each and everything that a VPN user needs to know about a VPN service.
Did you find this guide useful?
Do you have any problems in searching for the best VPN service provider?
What are your thoughts on how important a role encryption plays in the general workings of the internet?
Do let us know by using the comments section below.
After publishing our guides, we are mostly free.
In other words, we are all ears now.
So talk to us.
2 thoughts on “VPN Encryption: The Most Complete Edition With Images”
I use PureVPN. Pretty fast, secure, encrypted, and easy to use VPN.
Thank you for the comment Amy.
We’re glad PureVPN is working out for you.