A Virtual Private Network (VPN) is a privacy and security tool that encrypts all data that is transmitted between your device and a VPN server. In this article, we give a detailed explanation of encryption technology and how VPN providers use it to offer you privacy and security.

We also define several often-confusing terms used by VPN providers. Some providers tend to hurriedly gloss over these terms, perhaps in a deliberate effort to mislead unwitting potential customers.

A complete guide to VPN encryption - hand turning encryption nob

Our aim is to improve your understanding of this extensive subject so that you can make an informed decision when considering which VPN provider to use.

Before we begin, note that we’ll use the terms “device” and “computer” interchangeably in this article to refer to web-enabled devices including smartphones, tablets, laptops, and desktops. We’ve tried to make the guide as simple as possible. Nonetheless, the truth is that encryption is a complex subject, so we may get a bit technical at times.

The Basics of Encryption

The easiest way to understand encryption is to think of it as a lock. With the right key, you can easily open a lock. The lock is used to protect the contents of a strong box (in this case, your data), and if someone doesn’t have the right key to open the lock and access the data, they may attempt to break the lock. One type of encryption varies from other types, in the same way the lock securing a suitcase is not as strong as one securing a bank vault.

Another way of understanding encryption is thinking about the game “secret message,” which you probably played as a kid. In the game, you substituted one letter with another using a secret formula to create the secret message. For example, you might have substituted each letter in your original message with a letter that was four positions in front of it in the alphabet. Anyone with whom you shared the formula or who worked it out could read the secret message.

In cryptography terms, what you did by switching the letters in your message (data) was “encrypting” it by using a simple mathematical algorithm. The algorithm is referred to as a “cipher” by cryptographers. You need a key to “decrypt” the message; that is, to return it back to its original form to read it. The key is a variable parameter that defines the cipher’s final output. Decrypting the cipher is impossible without this parameter.

If someone doesn’t have the key but wants to read an encrypted message, their only option is to “crack” the cipher. Cracking is not difficult in the case where a simple letter substitution was used to encrypt the message. Making the cipher (the mathematical algorithm) more complex makes the encryption more secure. For example, you could substitute each letter in the message with a number that corresponds with the position of the letter in the alphabet.

Length of Encryption Keys

Current ciphers rely on highly complex algorithms that are extremely hard to crack. The time it would take a supercomputer to crack these ciphers would render the efforts impractical. The complexity of the algorithm behind a cipher is the simplest way of measuring its strength.

Increasingly complex algorithms make a cipher increasingly difficult to crack by way of a “brute force” attack, which is a primitive method of cipher-cracking technically referred to as an exhaustive key search. It works by trying every possible number combination until the right key is discovered.

You probably know that computers use binary digits (ones and zeros) to perform all calculations. A cipher’s complexity relies on its size in bits, i.e. the number of ones and zeros required to express the algorithm. A single bit comprises of a one or a zero. As the size of a cipher increases, the number of possible combinations (and thus, its impenetrability) increases exponentially, as follows:

  • 1-bit cipher: 2 possible combinations
  • 2-bit cipher: 4 possible combinations
  • 8-bit cipher: 256 possible combinations
  • 16-bit cipher: 65,536 possible combinations
  • 64-bit cipher: 1.8 x 10^19 possible combinations
  • 128-bit cipher: 3.4 x 10^38 possible combinations
  • 192-bit cipher: 6.2 x 10^57 possible combinations
  • 256-bit cipher: 1.1 x 10^77 possible combinations

To fully appreciate this concept, consider the following:

  • Fujitsu K, the fastest existing supercomputer in 2011, had a 10.51 petaflops peak speed. It would have taken the supercomputer 1.02 x 10^18 (one quintillion or one billion billion) years to break into a 128-bit Advanced Encryption Standard (AES) key using a brute force attack. The universe, which is 13.75 billion years old, hasn’t even been around that long.
  • The most powerful supercomputer in the world in 2017, with its 93.02 petaflops peak speed, would have taken 885 quadrillion years to crack the 128-bit AES key using a brute force attack.
  • To crack a 256-bit cipher, the number of operations required by a supercomputer is 3.31 x 10^65, which is about the number of atoms in the universe.

VPN Encryption and VPN Protocols

A VPN protocol is a set of rules and instructions that two devices use to settle on a secure encrypted connection between them. Commercial VPN services support a wide range of such VPN protocols, the most widely used being L2TP/IPSec, PPTP, SSTP, OpenVPN, and IKEv2. The industry standard VPN protocols for commercial VPN services is OpenVPN, but we’ll analyze each of the ones mentioned.

  1. PPTP (Point-to-Point Tunneling Protocol)

Advantages

  • Easy to install
  • Has a client built into almost all device platforms

Disadvantages

  • Not secure
  • Easily blocked
  • Has been compromised by the NSA

PPTP functions only as a VPN protocol, and it uses a range of authentication methods for security. For PPTP, commercial VPN providers typically use MS-CHAP v2 as the authentication method and Microsoft Point-to-Point Encryption (MPPE) as the encryption protocol.

This protocol was created by a Microsoft-founded consortium to develop VPN over dial-up networks. Corporate VPN networks have since been using it as the standard protocol.

Nearly all VPN-enabled devices and platforms support PPTP, which is easy to install, without having to set up additional software. For that reason, the protocol remains popular among commercial VPN services and business VPNs. Another plus for PPTP is that implementing it requires a low computational overhead, meaning that it is fast.

On the downside, however, PPTP offers absolutely no security. Even though it now uses only 128-bit encryption keys, experts have revealed its numerous security vulnerabilities since 1992 when it first came built into Windows 95 OSR2.

Among these vulnerabilities, the most serious is the likelihood of an MS-CHAP v2 authentication that is un-encapsulated. Within two days, this exploit can be used to crack PPTP. Microsoft has since patched the flaw, but recommends using SSTP or L2TP/IPSec instead.

That the NSA cracks PPTP-encrypted communicated with ease comes as no surprise. Even more unsettling is the fact that the agency gathered massive amounts of older PPTP-encrypted data that was considered secure back then, and it would have no difficulty decrypting this legacy data too.

PPTP requires both the GRE protocol and TCP port 1723. As a result, blocking PPTP connections is easy because of the ease with which GRE can be firewalled. Avoid using the PPTP protocol unless it is necessitated by the need for compatibility.

  1. L2TP/IPSec (Layer 2 Tunneling Protocol/IPSec)

Advantages

  • Easy to install
  • Moderately secure
  • Somewhat faster than OpenVPN
  • Clients on all current device platforms

Disadvantages

  • Possibly weakened by the NSA (not proven)
  • Might have been compromised by the NSA (not proven)
  • Usually poorly implemented
  • Some issues with restrictive firewalls

Nearly all VPN-capable devices and current operating systems have L2TP/IPSec built into it, meaning setting that it up is just as quick and easy as PPTP. This protocol doesn’t encrypt and anonymize traffic, so it’s used in combination with IPSec authentication to create L2TP/IPSec. If a provider mentions L2TP or IPSec only, they are usually referring to L2TP/IPSec.

The protocol is compatible with AES and 3DES ciphers, but you’re not likely to come across 3DES nowadays because it’s vulnerable to Sweet32 and Meet-in-the-Middle attacks. The limit to the number of ports that L2TP/IPSec uses might present some problems, such as hitches when used under NAT firewalls and susceptibility to blocks.

L2TP/IPSec can be slow because it encapsulates data twice. However, it makes up for it by allowing multi-threading and encrypting/decrypting within the kernel, things that OpenVPN doesn’t do. That means that L2TP/IPSec is faster than OpenVPN, at least in theory.

When L2TP/IPSec employs the AES cipher and is implemented correctly, it doesn’t have any known vulnerabilities, although Edward Snowden did strongly hint that the NSA had compromised the standard, and some experts believe that the agency deliberately weakened IPSec during the design stage.

Perhaps the most worrying issue with L2TP/IPSec is that VPN services tend to implement it poorly, using pre-shared keys (PSKs) which someone can easily download from their websites. Granted, AES encryption still secures your data even if the PSKs used for authentication are compromised.

The bottom line is that, provided pre-shared keys are not openly published, L2TP/IPSec is still considered adequately secure despite some issues which are by and large theoretical.

  1. SSTP (Secure Socket Tunneling Protocol)

Advantages

  • Complete Windows integration
  • Supported by Microsoft
  • Highly secure
  • Bypasses a majority of firewalls

Disadvantages

  • Microsoft-owned proprietary software

SSTP is similar to OpenVPN in that it uses SSL, meaning it gets around censorship using TCP port 443. It offers more stability than OpenVPN on Windows because it’s tightly integrated into the operating system.

The disadvantage of SSTP is that it is a Microsoft-owned proprietary standard, meaning the code cannot be scrutinized publicly. Furthermore, many people aren’t confident in the standard because Microsoft is known for cooperating with the NSA and there’s speculation that the company may have built possible backdoors into its platform.

First introduced in Windows Vista SP1, SSTP is now available for Mac OS X and Linux despite it being a platform tailored primarily for Windows.

Another concern is the vulnerability of SSL v.30 to “POODLE” attacks, which is why experts don’t recommend it. It’s not yet clear whether SSTP is affected by this, and that has further eroded confidence in the standard.

SSTP appears to be almost as good as OpenVPN on paper, but its credibility suffers because it’s a proprietary standard by Microsoft.

IKEv2 (Internet Key Exchange version 2)

Advantages

  • Stable, especially when reconnecting after a dropped connection or when switching a network
  • Fast
  • Easy to install
  • Secure (When used with AES)
  • Also supported by Blackberry devices

Disadvantages

  • Can only be trusted with open source implementations
  • Tricky to implement (potential development issues)
  • Unsupported on several platforms

The development of IKEv2 was a joint effort by Cisco and Microsoft. In addition to Windows 7+ devices, IKEv2 is also supported by iOS and Blackberry devices.

Developers have built independent versions of IKEv2 for other operating systems, such as Linux, and a number of those versions are open source. As mentioned earlier, be wary of proprietary technology by Microsoft. However, you need not worry about the open source iterations of IKEv2.

Referred to as VPN Connect by Microsoft, this standard is highly effective at automatically reconnecting to a VPN in case of a temporary loss of the connection, such as when you enter and leave a train tunnel.

When it comes to changing networks, IKEv2 is highly resilient due to its support for the Mobility and Multihoming (MOBIKE) protocol. It is, therefore, the ideal standard for users who frequently migrate hotspots and often switch between mobile and home connections.

Lack of support on many platforms that are L2TP/IPSec means IKEv2 is not as common. Nonetheless, it is considered as good as, if not better than, L2TP/IPSec in terms of establishing/reestablishing a connection, speed/performance, and security.

In summary, this protocol is fast and secure. Thanks to its ability to easily reconnect to the Internet, IKEv2 is popular with mobile users. It’s the sole option available for Blackberry users. We recommend using the open source versions of the standard.

OpenVPN

Advantages

  • Easy to configure
  • Highly secure (When used with PFS)
  • Bypasses firewalls
  • Open source

Disadvantages

  • Requires third-party software

OpenVPN is an open source VPN protocol that uses TLS protocols and the OpenSSL library, among other technology, to provide a highly reliable and robust VPN solution. There are several reasons why it is the industry standard employed by commercial VPN providers.

Many contributors and developers of the OpenVPN protocol are employees at OpenVPN Technologies Inc., the company that oversees the entire project.

The protocol can be used on any port, but it runs best on a UDP port. It’s also commonly run on TCP port 443, which is frequently employed for HTTPS traffic. OpenVPN is extremely difficult to block because it is hard to differentiate OpenVPN run over TCP port 443 with secure connections used by online retailers, email services, and banks.

This protocol is also advantageous because it uses the OpenSSL library, which supports a variety of ciphers. However, in practice, commercial VPN services use only AES and Blowfish ciphers. According to reports by Edward Snowden, it appears that provided it uses Perfect Forward Secrecy, OpenVPN has not been weakened or compromised by the NSA. There are no known vulnerabilities that put users of OpenVPN at risk. Some vulnerabilities that made the protocol potential open to DDoS attacks were patched in OpenVPN 2.4.2.

Data security experts consider OpenVPN to be the most secure VPN protocol in the industry, which explains its wide support in the industry. It is, therefore, our most recommended protocol.