If you have been researching VPN software, you have certainly stumbled upon the word encryption.
Encryption is the main security measure that computers, websites, and networks use to protect sensitive data.
MIT defines encryption as:
“a method of securing data by scrambling the bits of a computer’s files so that they become illegible. The only method of reading the encrypted files is by decrypting them with a key; the key is unlocked with a password.”
Encryption is code for secret code.
It is basically a way of putting all your information into a secret code so that bad guys can’t steal your sensitive information.
You may be thinking that encryption seems like a topic reserved for computer scientists and spies. Fair enough, encryption is extremely complex. But the basic concept is simple to understand.
We will take a look at how encryption works, how it partners with VPN, and the main encryption protocols VPNs use to protect your data.
How Encryption Works
The idea of encryption comes from the science of cryptography. This is the practice of putting a message into a code. Before computers, this use of secret codes happened by substituting or transpositioning letters and numbers.
Messages sent between governments and spies in times of crisis would be sent in code in case the messages would get placed in the wrong hands. They would look or sound like nonsense. The people using the secret code had a cipher. This cipher was the tool to know how to unmuddle the message.
With the rise of computers and digital technology, the need for more advanced coding grew. Encryption now uses advanced algorithms for disguising data.
There are two components that make up encryption. These are the algorithms and the key. The key is the modern cipher. It informs the computers of which algorithm to use to unlock the code.
On top of that, there are two types of encryption.
- Symmetric key encryption: Two computers sending and receiving information from each other must have the same key.
- Public key (or asymmetric key) encryption: A key that can be sent from one computer to any other computer. This style uses double-layered encryption, using both public and private key.
Let’s use non-computer examples to help explain.
With symmetric-key encryption, it’s like your friend has a safe they can put important things in. The safe has only one key to it. Your friend can open the safe with the key and they can loan the key to anybody they trust to open it as well. With symmetric-key encryption, there is only one key needed to lock and unlock sensitive information.
Public key encryption uses two keys. Imagine your friend has a box with a more advanced lock that requires two keys. One of the keys is “private”. Only your friend keeps this copy. But the other key has many copies. Your friend gives them out to everybody. This key is “public.”
When you want to leave your friend a letter in her box, you can use the public key she gifted you to lock it. When she wants to open it, the second layer of the lock requires her private key. Only she can open the box with her private key.
If she wants to use her box to send something to you, she can place her letter to you in her box, lock it with her private key and you can open it with your public key. You know this letter is from your friend not because of her handwriting, but because she is the only person in the world with that private key to lock the box. This is her digital signature.
In the physical world, keys are usually made of metal. In the digital world, keys look like a string of long numbers.
This method was developed in the 1970s before the World Wide Web and now is the major security feature to protect our online information.
One of the developers of the RSA algorithm which was the first protocol for public key encryption, Ron Rivest, said:
“In the late 1970s, we didn’t even have the World Wide Web, it was impossible to imagine that our method would become what it is today. Right now, each time we make an online purchase, the transaction’s security is based on our encryption technology.”
Encryption and Virtual Private Networks
Now that you have a grasp on encryption, let’s get back to the VPN and how the two work together.
A VPN –Virtual Private Network– is a great way to protect your privacy. A VPN uses virtual tunnels to transmit your encrypted data.
When you use your VPN, you send your information to a server.
This server verifies you, the sender, and then converts your information into the encrypted code. This encrypted code is then sent to the receiving computer and is decrypted.
The encryption makes sure that the information sent stays confidential. Even if someone is able to access your tunnels, they will not be able to interpret the information.
Not all VPNs and encryption methods are made equal. There are many different algorithms to create different codes. Some are more secure than others. Security relies on more than just having the right keys to the code. It relies on protocols.
Understanding the Encryption Protocols
Protocols are a set of rules for how information can be communicated between different parties. This includes the syntax, semantics, and other methods that are happening through hardware or software.
With encryption, protocols determine how algorithms should be used to keep data transfers secure. Encryption protocols designate the methods of encryptions such as:
- Key agreement
- Secured application level-transport
- Secret sharing methods
VPN protocols outline many different elements to making a VPN highly secure and speedy. VPN protocol elements include:
- Tunneling methods and ports used
- Encryption protocols
- What systems it can work with
Before jumping into the most popular VPN protocols, it will be helpful to explain encryption protocols. Think of encryption protocols as very important sub-protocols for the VPN protocols.
It won’t do much good to read about what type of encryption protocols the VPN protocol uses if you don’t understand what they are. They are usually named with some letters and numbers put together. It can be easy to skip over them because they don’t look like English.
But the acronyms and numbers do mean something. We will briefly explain some of the most common encryption protocols. All of these are used by the VPN protocols that we later explain.
Encryption Protocols for VPN
It is important to understand which encryption protocols your VPN service uses.
You probably don’t want codes that have been around for 20 years because hackers know there way around the algorithms. You want a VPN that has the most complex and updated encryption protocols to keep your identity secure.
A VPN can choose from various encryption protocols like:
Internet Protocol Security (IPSec) is considered a security protocol suite. It is responsible for setting the standards for encryption, authentication, access control, connectionless integrity, protection against replays, and other forms of confidentiality.
Generic Routing Encapsulation (GRE) determines how to package the data being sent over the Internet protocol (IP). This lays out information on what type of data packets will be encapsulated and how it will be sent between the computers.
Point-to-Point Protocol provides a layered connection between two nodes. It can work with authentication, encryption, and compression. Data is encapsulated when transferred.
Microsoft Point-to-Point Encryption uses PPP to transfer data across VPNs. It uses the Rivest-Shamir-Adleman (RSA) algorithm to encrypt data. It supports 40-bit and 128-bit keys.
Secure Sockets Layer (SSL) is an encryption protocol that aims to keep information secure when being transferred between computers and networks. It uses the HTTPS method. Recently, a flaw has been detected with SSL 3.0 that could open up user security to risk.
Triple Data Encryption Algorithm is two decades old and officially on the path to retirement. It will no longer be allowed in 2023 for security reasons. This encryption method has been used for finance and private industries to protect credit card information and other payment transactions. It works by ciphering symmetric key-blocks in three stages. Because 3DES is a grandpa of encryption protocols, hackers have been able to exploit its vulnerabilities.
AES-128 and AES-256
Advanced Encryption Standard (AES) was developed to replace the vintage Data Encryption Standard (DES) that was released in the 1970s. It uses a block cipher algorithm. It is free for any public or private, commercial or non-commercial use. We won’t jump into the technicalities of how AES-128 or AES-256 work, but you should know what the 128 and 256 represent the algorithm key length respectively.
The important thing – what matters most to you – is that these are the most respected encryption protocols used today. The US government, Apple, Microsoft, and most VPNs use these protocols.
Main VPN Protocols and Their Encryption method
Now that we got encryption protocols out of the way, let’s take a look at some of the most well-known VPN protocols and the encryption standards they use.
Here are the five most well-known VPN protocols. We will explain the basics of each of these elements.
Point-to-Point Tunneling Protocol is a simple method for ensuring that data transferred between two nodes goes through a tunnel. This VPN protocol was released in 1995 and is one of the oldest, if not the oldest protocol, still in use today.
Encryption: It uses PPP and MPPE.
Support: This protocol was supported by Windows Dial-Up, Linux, and OS X back before the internet and everything digital exploded. Today, it can still be supported by almost any desktop and mobile system.
Speed: This protocol has legitimate security vulnerabilities but is the fastest protocol.
Security: This is the oldest protocol and is known to have big security vulnerabilities. It works, but if your priority is top security, maybe you should consider alternative options.
Layer 2 Tunneling Protocol (L2TP) is a popular VPN protocol that serves as a recommended upgrade to PPTP for Microsoft services. It uses double encapsulation of data.
Encryption: It is usually paired with IPSec, 3DES, or AES.
Supported OS: Windows OS, iOS, Android, Mac OS X
Speed: The double encapsulation slows this protocol down compared to other protocols, though maintains a medium speed.
Security: L2TP is considered secure by professionals and has no known major security gaps.
Internet Key Exchange Version 2 is a tunneling protocol. This is considered to be one of the safest and most stable protocols for mobile users today. This protocol is stable for reconnecting when the wifi shuts down momentarily or switching networks. If you use a VPN in areas where service is spotty, consider this protocol.
Encryption: It uses AES-256 and IPSec.
Supported OS: IKEv2 is supported by almost all platforms today including, Windows 7+, Cisco routers, macOS, iOS, and more. This protocol is unique because it also supports Blackberry devices.
Speed: It is fast compared to other protocols.
Security: This is a highly secure protocol.
OpenVPN is an open source VPN protocol that is highly recommended among experts.
OpenVPN can be configured in different ways. Depending on your priorities and uses for your VPN, you can determine which features you choose to enhance security or speed.
Supported OS: It is supported on Windows OS, iOS (manual), Android, Mac OS X, and more.
Speed: OpenVPN has high speed. It can maintain fast velocity across long distances.
Security: OpenVPN is considered very secure. Because of it’s open source nature, there have been many different audits and no major security risks have been found.
Ports: Though we did not address the ports for the other protocols, we would like to for OpenVPN. OpenVPN can connect with port TCP 443, which is helpful when evading censorship in very restrictive countries.
Secure Socket Tunneling Protocol is the most modern VPN protocol developed by Microsoft. PPTP and L2TP still have there place in VPN, but SSTP is the better version. It is more secure and faster than Microsoft’s previous protocols. SSTP is known for getting around firewalls.
Encryption: This protocol uses SSL 3.0 encryption. SSL 3.0 is an old encryption protocol and has raised doubt among professionals of its security.
Supported OS: SSTP is only supported by Windows, Linux, and FreeBSD. It is built into Windows systems like Vista, 7,8, 10.
Speed: Faster than PPTP and L2TP
Security: Only Microsoft knows the details of the protocol so it is as secure as much as you trust Microsoft. Microsoft has shared user data with NSA and there are suspicions of other serious vulnerabilities. It cannot be audited independently because it is privately owned.
Ports: SSTP also connects with TCP Port 443 to help those getting around strict censorship.
Moving Forward With Your Privacy
You are the only one who can protect your data.
Encryption is the main way to ensure your privacy. One way to easily encrypt your information is by using a VPN.
When you research different VPNs, all the information can be overwhelming. Hopefully, this guide on encryption, encryption protocols, and VPN protocols will help you understand your options more clearly.