If you have ever ventured into the wonderful world of VPNs then you have probably noticed all the fuss made about encryption, with services boasting terms such as AES, RSA, SHA, 128-bit or 256-bit. Before you buy into any service just because it advertises big numbers, you should know that encryption is strongly tied to your choice of protocol. This is a rather complicated subject: there are many variables, and it can get very confusing, very quickly. Data encryption, handshake encryption and data authentication all need to be taken into account in order to achieve a connection that is both fast and secure. If you want your VPN to be properly tuned against the many privacy attacks on the internet, then knowing about these different VPN encryption types could be the secret to success.
VPN Encryption Types
AES: Data Encryption
AES, which stands for Advanced Encryption Standard, is the most popular encryption type worldwide and has been adopted by the U.S. government since 2002. It was originally called Rijndael and it comes in three key lengths: 128, 192 (far less common) and 256 bits. AES runs 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys: the key size determines how many transformation rounds convert the input (the plaintext) into the final output (the ciphertext). In a nutshell, the stronger the protection the slower your connection will be, much as with protocols. In general, 128-bit is safe enough, since even the NSA couldn’t break it through brute force, but 256-bit gives even more protection with hardly any extra speed loss. The most common and default combination you’ll see is AES with OpenVPN, which is, in other words, the best match between speed and safety.
RSA: Handshake Encryption
This is the encryption used to establish a strong connection and avoid ending up on an attacker’s server; in other words, it securely negotiates the VPN connection. In such a cryptosystem the encryption key is public, while decryption is done with a key that is kept private. RSA takes its name from the initials of the surnames of its inventors, Ron Rivest, Adi Shamir and Leonard Adleman, who designed it in 1977 as an encryption and digital signature algorithm used to sign and verify TLS/SSL certificates. It comes in three main key sizes. RSA-1024 was cracked by the NSA in 2010, which ultimately led the internet to upgrade SSL certificates to RSA-2048. This one is considered quite secure and is now the usual default for the majority of VPN providers, although there are cases where you can opt for the stronger RSA-3072 or even RSA-4096 keys.
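The handshake role described above, as an added Go example that is not part of the original article: the server's RSA private key signs a constructed handshake transcript so the client can detect an on-path change, and the client wraps a constructed AES session key under the server's public key so only the private-key holder can recover it. The transcript text, the session key bytes and the `vpn-session-key` OAEP label are assumptions for the demo; the key size argument can be any of the sizes the text mentions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignTranscript signs the SHA-256 digest of a handshake transcript with the
// server's RSA private key (PKCS#1 v1.5 signature).
func SignTranscript(priv *rsa.PrivateKey, transcript []byte) ([]byte, error) {
	digest := sha256.Sum256(transcript)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyTranscript returns true only if sig is a valid signature over
// transcript under pub; any change to the transcript makes it fail.
func VerifyTranscript(pub *rsa.PublicKey, transcript, sig []byte) bool {
	digest := sha256.Sum256(transcript)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// WrapSessionKey encrypts a symmetric session key to the server's public key
// with RSA-OAEP; only the holder of the private key can unwrap it.
// The label is an assumed constant for this demo.
func WrapSessionKey(pub *rsa.PublicKey, sessionKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, []byte("vpn-session-key"))
}

// UnwrapSessionKey is the server-side counterpart of WrapSessionKey.
func UnwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte("vpn-session-key"))
}

// HandshakeResult collects what the client learns from one simulated handshake.
type HandshakeResult struct {
	CleanVerifies    bool // signature over the untouched transcript checks out
	TamperedVerifies bool // signature over a modified transcript (must be false)
	SessionKeyMatch  bool // server recovered the session key the client sent
}

// SimulateHandshake generates an RSA key of the requested size (1024, 2048,
// 3072 or 4096 bits, as discussed in the text), signs a constructed transcript,
// and wraps a constructed 32-byte AES session key under the public key.
func SimulateHandshake(bits int) (HandshakeResult, error) {
	var res HandshakeResult
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return res, err
	}
	pub := &priv.PublicKey

	// Constructed transcript: the parameters both sides agreed on before signing.
	transcript := []byte("client-random=0102030405060708 server-random=0807060504030201 cipher=AES-256-CBC mac=HMAC-SHA256")
	sig, err := SignTranscript(priv, transcript)
	if err != nil {
		return res, err
	}
	res.CleanVerifies = VerifyTranscript(pub, transcript, sig)

	// If the negotiated MAC were rewritten in transit, the signature no longer matches.
	tampered := append([]byte(nil), transcript...)
	copy(tampered[len(tampered)-len("HMAC-SHA256"):], "HMAC-MD5   ")
	res.TamperedVerifies = VerifyTranscript(pub, tampered, sig)

	// Constructed session key (all 0x42 bytes), wrapped for the server.
	sessionKey := make([]byte, 32)
	for i := range sessionKey {
		sessionKey[i] = 0x42
	}
	wrapped, err := WrapSessionKey(pub, sessionKey)
	if err != nil {
		return res, err
	}
	recovered, err := UnwrapSessionKey(priv, wrapped)
	if err != nil {
		return res, err
	}
	res.SessionKeyMatch = string(recovered) == string(sessionKey)
	return res, nil
}

func main() {
	res, err := SimulateHandshake(2048)
	if err != nil {
		panic(err)
	}
	fmt.Printf("clean verifies: %v, tampered verifies: %v, session key recovered: %v\n",
		res.CleanVerifies, res.TamperedVerifies, res.SessionKeyMatch)
}
```

Larger key sizes make `rsa.GenerateKey` noticeably slower, which is the handshake-time cost the text alludes to when it contrasts RSA-2048 with RSA-3072 and RSA-4096.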
SHA: Data Authentication
Secure Hash Algorithm (SHA) is a cryptographic hash function that serves as the message authentication algorithm with which all of your data is authenticated on SSL connections (including OpenVPN connections); its sole purpose is to protect you from active attacks. Simply put, SHA creates a unique fingerprint of a valid SSL certificate that can be checked by any OpenVPN client. If that certificate is interfered with in the slightest, the change is detected and the connection is immediately refused. The most commonly used version of SHA is SHA-1 (160-bit), which also provides the fastest connection.
However, SHA-1 has been broken, which led companies like Microsoft, Mozilla and Google to have their respective browsers stop accepting SSL certificates signed with it as of 2017. That said, if you have packet authentication enabled, using HMAC (Hash-based Message Authentication Code) with SHA-1 for OpenVPN is still safe: it is much less vulnerable than plain SHA-1 hashes, since an attacker would first need to break HMAC itself and only then start brute-force collision attempts against the hash. Still, we recommend opting for the newer SHA-2 family if available.
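The data encryption (AES with its three key sizes) and data authentication (HMAC over each packet) passages above, combined in one added Go example that is not part of the original article or any VPN product's code. Each packet is AES-CBC encrypted and then protected with an HMAC tag over the IV and ciphertext, so a receiver verifies the tag first and drops any packet whose ciphertext was touched before decrypting it. The keys and the sample payload are constructed values for the demo; `Rounds` just restates the round counts given in the text, and the hash passed to `Seal`/`Open` can be `sha1.New` or `sha256.New` to compare HMAC-SHA1 with the recommended SHA-2 option.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
	"hash"
)

// Rounds returns the AES round count for a key length in bytes, as given in
// the text: 10 for 128-bit, 12 for 192-bit and 14 for 256-bit keys.
func Rounds(keyLen int) int {
	return map[int]int{16: 10, 24: 12, 32: 14}[keyLen]
}

// pkcs7Pad fills the final block so CBC always works on whole blocks.
func pkcs7Pad(b []byte, size int) []byte {
	n := size - len(b)%size
	out := make([]byte, len(b)+n)
	copy(out, b)
	for i := len(b); i < len(out); i++ {
		out[i] = byte(n)
	}
	return out
}

// pkcs7Unpad reverses pkcs7Pad and rejects malformed padding.
func pkcs7Unpad(b []byte, size int) ([]byte, error) {
	if len(b) == 0 || len(b)%size != 0 {
		return nil, errors.New("bad padded length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > size {
		return nil, errors.New("bad padding byte")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// Seal returns IV || AES-CBC ciphertext || HMAC tag. The tag covers IV and
// ciphertext (encrypt-then-MAC), so any edit is caught before decryption.
func Seal(encKey, macKey, plaintext []byte, newHash func() hash.Hash) ([]byte, error) {
	block, err := aes.NewCipher(encKey) // accepts 16-, 24- or 32-byte keys only
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	packet := append(iv, ct...)
	mac := hmac.New(newHash, macKey)
	mac.Write(packet)
	return mac.Sum(packet), nil
}

// Open checks the HMAC tag in constant time and only then decrypts.
func Open(encKey, macKey, packet []byte, newHash func() hash.Hash) ([]byte, error) {
	mac := hmac.New(newHash, macKey)
	tagLen := mac.Size()
	if len(packet) < aes.BlockSize+tagLen {
		return nil, errors.New("packet too short")
	}
	body, tag := packet[:len(packet)-tagLen], packet[len(packet)-tagLen:]
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("authentication failed: packet dropped")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv, ct := body[:aes.BlockSize], body[aes.BlockSize:]
	if len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext is not block-aligned")
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

// RoundTrip seals msg with constructed keys (encKey of keyLen bytes), reopens
// it with HMAC-SHA256, and reports whether a flipped ciphertext byte is rejected.
func RoundTrip(keyLen int, msg string) (recovered string, tamperDetected bool, err error) {
	encKey, macKey := make([]byte, keyLen), make([]byte, 32) // demo keys, not for real use
	for i := range encKey {
		encKey[i] = byte(i)
	}
	for i := range macKey {
		macKey[i] = byte(0xA0 + i)
	}
	packet, err := Seal(encKey, macKey, []byte(msg), sha256.New)
	if err != nil {
		return "", false, err
	}
	pt, err := Open(encKey, macKey, packet, sha256.New)
	if err != nil {
		return "", false, err
	}
	tampered := append([]byte(nil), packet...)
	tampered[aes.BlockSize] ^= 0x01 // flip one bit of the first ciphertext byte
	_, tErr := Open(encKey, macKey, tampered, sha256.New)
	return string(pt), tErr != nil, nil
}

func main() {
	for _, keyLen := range []int{16, 24, 32} {
		pt, detected, err := RoundTrip(keyLen, "tunnelled packet payload")
		if err != nil {
			panic(err)
		}
		fmt.Printf("AES-%d (%d rounds): recovered %q, tamper detected: %v\n", keyLen*8, Rounds(keyLen), pt, detected)
	}
	fmt.Printf("HMAC-SHA1 tag: %d bytes, HMAC-SHA256 tag: %d bytes\n",
		hmac.New(sha1.New, []byte("demo")).Size(), hmac.New(sha256.New, []byte("demo")).Size())
}
```

Verifying the tag before touching the ciphertext is what makes HMAC-SHA1 packet authentication hold up even though plain SHA-1 collisions are practical: an attacker who cannot produce a valid tag never gets a decryption to work with.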
Recommended VPNs With Strong Encryption
NordVPN
NordVPN is one of the best VPNs on the market regarding privacy and security. We’ve chosen it as a good suggestion due to its SSL 2048-bit double encryption. That’s right, double encryption. This means that your connection speed will probably be affected, since the encryption is stronger. However, from a safety point of view, this is one of the most secure services, since your data is protected by a two-node server link that locks down inbound and outbound data. The trick used by NordVPN is AES-256-CBC (Cipher Block Chaining) encryption that is applied not once, but twice. It also supports the OpenVPN, PPTP, L2TP and IPSec protocols and extra security features such as safety notes and an encrypted chat.
Private Internet Access
Private Internet Access, also called PIA, is currently one of the most praised VPN providers among users and another good choice regarding online security and safety. Besides featuring one of the most extensive server networks on the market, it makes use of high-grade encryption such as the “cryptographically secure Blowfish CBC algorithm”. When connecting with the OpenVPN protocol, it secures all your data transmissions. In addition, IPSec, L2TP, PPTP and SOCKS5 are also supported, so PIA can assure you pretty decent protection for both your computers and mobile devices.
ExpressVPN
Last but not least is our suggestion of ExpressVPN. This is yet another top VPN provider that will guarantee that all your data is efficiently protected. To do so, it uses AES 256-bit encryption, a safe and popular solution. In addition, this VPN service also uses an RSA certificate with a 4096-bit key, identified by SHA-512 (in other words, a hashing algorithm from the SHA-2 family). Besides relying on solid encryption, it also lets you choose between the OpenVPN (TCP and UDP), L2TP, IPSec, SSTP and PPTP protocols, for either better speed or higher security demands.