Everything You Wanted to Know About VPN Encryption But Were Too Overwhelmed by Techie Jargon to Ask

Author: Stephen Lee

They say that a VPN is only as good as its encryption capabilities, but encryption in itself is not the simplest of topics. The terminology used to describe how secure a VPN connection is can get very confusing, very quickly. Many VPN providers describe the encryption they use in a telegraphic manner, slapdash to the point of being misleading, or worse, they don't describe it at all.

A VPN app that encrypts your data and cloaks your IP address keeps eavesdroppers away, and becoming acquainted with the jargon is a simple way to know how secure your VPN really is.

OPENVPN CIPHERS

Pretty impressive, huh?

For the sake of argument, it is worth mentioning that given sufficient time, a brute force attack is capable of cracking any known algorithm.

With this in mind, here's the actual math for the number of years it would take to crack 128-bit AES (notice the exponential increase depending on the key size!)

No. of years to crack AES with a 128-bit key = (3.4 x 10^38) / [(10.51 x 10^12) x 31536000]

= (0.323 x 10^26) / 31536000

= 1.02 x 10^18

= 1 billion years
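The same calculation carried across several key sizes, as an added example that is not part of the original article. The trial rate and seconds-per-year figures come from the formula above, the 40-bit size is the one the article lists for PPTP, and the function names are illustrative; because it uses 2^128 exactly instead of the rounded 3.4 x 10^38, the 128-bit result comes out at 1.03 x 10^18.

```python
from fractions import Fraction

# Figures taken from the article's formula (assumed to be key trials per second).
KEYS_PER_SECOND = Fraction(1051, 100) * 10**12   # 10.51 x 10^12
SECONDS_PER_YEAR = 31_536_000                    # 365 days


def years_to_exhaust(key_bits, keys_per_second=KEYS_PER_SECOND):
    """Worst case: years needed to try every key of the given length."""
    return Fraction(2**key_bits) / (keys_per_second * SECONDS_PER_YEAR)


def years_expected(key_bits, keys_per_second=KEYS_PER_SECOND):
    """Average case: the key turns up after searching half the keyspace."""
    return years_to_exhaust(key_bits, keys_per_second) / 2


def sci(value, digits=2):
    """Format a number as 'm.mm x 10^e', matching the article's notation."""
    mantissa, exponent = f"{float(value):.{digits}e}".split("e")
    return f"{mantissa} x 10^{int(exponent)}"


def keysize_table(sizes=(40, 56, 128, 192, 256)):
    """One row per key size: (bits, worst-case years, average-case years)."""
    return [
        (bits, sci(years_to_exhaust(bits)), sci(years_expected(bits)))
        for bits in sizes
    ]


if __name__ == "__main__":
    print(f"{'bits':>4}  {'worst case (years)':>20}  {'average (years)':>20}")
    for bits, worst, average in keysize_table():
        print(f"{bits:>4}  {worst:>20}  {average:>20}")
    # Each extra key bit doubles the work, which is the exponential growth
    # the article refers to.
    ratio = years_to_exhaust(129) / years_to_exhaust(128)
    print(f"129-bit vs 128-bit work factor: {ratio}")
```

At this rate a 40-bit keyspace is exhausted in a fraction of a second, which is why the key length a protocol supports matters as much as the cipher name.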

Of course AES is not perfect, but hey, math doesn't lie. Governments and businesses place a great deal of faith in the belief that AES is so secure that its security key can never be broken, despite some of its inherent flaws, and it has been a standard of the U.S. National Institute of Standards and Technology (NIST) since 2001. That is no insignificant detail.

A VPN is only as good as its encryption capabilities.

Wikipedia defines encryption as being the process of encoding data in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating cipher text that can only be read if decrypted.

For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, large computational resources and skill are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Simply put, the above can be summarized in the idea that encrypted data can be decoded only with the right decoder.

An encryption key tells the computer what computations to perform on data in order to encrypt or decrypt the data.

There are two main encryption models:

Symmetric-key encryption: the same key, shared among all users, is used to both encrypt and decrypt a message.

Public-key encryption: each computer (or user) has a public-private key pair. The private key from one computer (or user) encrypts the message, while the other computer uses the corresponding public key to decrypt that message.

The Tunnel, a Matrioshka of files

ENCRYPTION PROTOCOLS

  • Encapsulated Security Payload (ESP) encrypts the packet’s payload (the data it’s transporting) with a symmetric key.
  • Authentication Header (AH) uses a hashing operation on the packet header to help hide certain packet information (like the sender’s identity) until it reaches its destination.

VPNs use IPSec in tunnel mode with IPSec ESP and IPSec AH working together.

In a remote-access VPN, tunneling typically relies on Point-to-point Protocol (PPP).

However, when trying to choose the VPN app for you, you might meet one of these three protocols based on PPP:

L2F (Layer 2 Forwarding): Developed by Cisco; uses any authentication scheme supported by PPP;

PPTP (Point-to-point Tunneling Protocol): Supports 40-bit and 128-bit encryption and any authentication scheme supported by PPP;

L2TP (Layer 2 Tunneling Protocol): Combines features of PPTP and L2F and fully supports IPSec; also applicable in site-to-site VPNs

SECURE SHELL: SSH

SSH, also known as Secure Socket Shell, is a network protocol that provides administrators with a secure way to access a remote computer. SSH also refers to the suite of three utilities that implement the protocol (slogin, ssh, and scp), which are secure versions of the earlier UNIX utilities rlogin, rsh, and rcp.

Secure Shell provides strong authentication and secure encrypted data communications between two computers connecting over an insecure network such as the Internet. SSH is widely used by network administrators for managing systems and applications remotely, allowing them to log in to another computer over a network, execute commands and move files from one computer to another.

At its core, Secure Shell (SSH) is a UNIX-based command interface and protocol for securely getting access to remote computers. SSH allows you to connect to your server securely and perform Linux command-line operations.

SSH commands are encrypted and secure in several ways. Both ends of the client/server connection are authenticated using a digital certificate, and passwords are protected by being encrypted.

My IP.io comes bundled with a variety of VPN encryption protocols, supporting all the latest security protocols including SSTP, PPTP, IPSec, L2TP and the 128-bit AES OpenVPN cipher.

When you use the My IP.io app, you can easily switch between protocols, although it’s recommended that you stick with the defaults.

Website: www.myip.io