Perhaps the most prominent feature of VPNs (Virtual Private Networks) is encryption. The primary role of this type of software is to make you invisible on the Web. This is done by concealing, or encrypting, your data. In fact, VPN encryption is one of the toughest security measures that make sure your data doesn’t end up in the wrong hands.
You are most probably reading this article because you want to know more about VPN encryption. You want to learn how it works, what it is capable of doing, and what the differences are between encryption protocols. We will cover all those questions, so let’s dive right in.
We’re Surrounded By Privacy Violations
I hate to be the one to tell you, but as you sit there in your comfy chair, there are a million eyes on you. Watching what you do, where you go and figuring out what you’re thinking. Your personal information is a gold mine for large companies and for governments who may want to stop you from exercising your rights.
The way that most people use the Internet exposes them to their Internet service providers (ISPs), search engines, website owners and, of course, hackers on both sides of the law. They can use that information against you in a lot of different ways.
First of all, the address of your Internet router can be linked to your name and physical address, which means it’s possible to trace what you do on the Internet to your real location. That’s a horrifying thought. Secondly, even if your lack of privacy doesn’t come back to haunt you directly, your private information is being sold to corporations, marketing companies and whoever else has the money to pay for it. This is how they create formulas to know what we’ll buy, what we’ll do and even how we’ll vote!
We don’t know about you, but we don’t feel comfortable with some faceless company buying our personal info for their own financial gain. Surely, there must be some way to protect yourself from these dark forces and assorted marketing people?
VPN Encryption Comes To the Rescue
These privacy fears have been driving people to look for solutions wherever they can find them. There’s a whole industry of products that have sprung up with the purpose of providing you with security, anonymity, and privacy. From using a Tor browser to hiring a seedbox for peer-to-peer file transfers, everyone is willing to sell you something to make you feel better about your Internet privacy.
The solution that is being sold as the ultimate, fire-and-forget cure for privacy worries is the VPN, or virtual private network. One of a VPN’s primary weapons against the prying eyes of the world is its encryption. While you’ve probably heard the word ‘encryption’ before, the age of Internet privacy concerns makes understanding it more important than ever. So before we dive into the role that encryption plays in the context of a VPN, we need to talk about what encryption means in general.
Ustjay Ikelay Igpay Atinlay
Did you understand that phrase? Look at it again: Ustjay ikelay igpay atinlay!
At first glance, it looks just like gibberish, but if you happen to know how to speak pig Latin, you’ll know that it’s just regular English that’s been modified a little. All you do is take the first letter of a word, stick it at the end and then put ‘ay’ on there for good measure.
Once you know how it works, you can unscramble the words and get ‘just like pig Latin.’ It’s a very simple way to hide what you’re saying, sure. But if you looked at it long enough, you’d probably figure it out for yourself. It works well as an example though, because pig Latin is actually a very simple form of encryption.
Early Beginnings: The Enigma Code
If you and your friend owned walkie-talkies when you were kids, you could talk to each other over long distances whenever you wanted to, without paying a cent. The problem is that anyone else with a radio tuned to the same frequency can listen in on your conversation! So you either have to stick to a conversation you don’t mind being overheard, or you have to speak in person to avoid eavesdroppers.
Alternatively, you and your friends could both learn pig Latin and then make sure your radio conversations only make sense to listeners that understand it. Sure, everyone can still intercept your transmission, but they have no way of knowing what’s being said without knowing how pig Latin works.
Funnily enough, the Germans had exactly the same problem in the Second World War. You see, it’s not the best situation to be in when the people you’re having a war with just have to switch to the radio to know exactly what you plan to do. Still, radio had way too much promise in a world where the height of battlefield communication technology was a pigeon.
Carrier pigeons played a central role in the previous war, but they take a long time to reach their destination and can be shot down easily. So the Germans invented their own (much more complicated) version of pig Latin known as the Enigma Code. It was a pretty complicated way to scramble and unscramble their messages. Before transmitting the message, they’d feed the information into an Enigma machine and out would come a seemingly random jumble of letters. Let us show you how this works, by using this nifty Enigma emulator.
First, we put in the text THISISHOWWEMAKEOURSTUFFSECRET. The three mechanical rotors of the Enigma machine take that message and spit out: JNOTWDCEBNKVORKXLWEYLWREJYORR. You’ll agree that’s a little harder to crack than pig Latin!
Hard But Not Impossible to Crack
In the end, the Enigma code was cracked by an incredibly smart English chap named Alan Turing, who also went on to come up with a bunch of fundamental computer stuff like the Turing Test, a test designed to investigate when a computer is as smart as a person. Clearly a man ahead of his time.
Of course, people invented harder forms of encryption than the Enigma code pretty quickly. When those got cracked, even harder ones were invented. As computers have become more and more powerful, a sort of arms race has developed between those who make encryption codes and those who want to ‘crack’ those codes to get to the juicy information on the inside.
No one has yet invented a way to encrypt information that is 100% impossible to break into. It’s not a question of whether an encryption code can be broken, but whether the effort and expense you’d have to put in are worth it. An ideal situation is one where the stuff that you’re trying to protect isn’t worth the effort of trying to steal it. The problem is that the constant march of technology is making it cheaper and simpler to break current encryption technologies every day.
Not Every Encryption is Made Equal
As you already saw in the case of pig Latin and the Enigma machine code, encryption schemes differ in how hard they are to break. So it’s not enough to know that VPN encryption scrambles the information that flows between you and your VPN; you also need to know that the quality of that encryption is good enough to actually protect you.
Modern digital encryption works with something called an encryption key. The key is basically a string of random characters that you can use to both scramble and unscramble information. The key is created when needed by an algorithm, which is a fancy way of saying it’s a mathematical recipe that creates a different key every time you run through it. These algorithms are designed by people with far too much time on their hands to create keys that are very hard to predict. The chance that you’ll get exactly the same key twice is so small that you may as well say it will never happen.
People who try to break encryption systems almost never try to attack them on the algorithm level. Unless there’s some serious problem with how the algorithm was made, there’s no real way to use it against itself. No, the easiest way to break encryption is by attacking the key itself.
The Hard Way is The Easy Way
So, all we have to do in order to break an encryption code is figure out what the key is, right? That sounds pretty easy on the surface, but let’s talk about why that’s not so straightforward.
Imagine you had a combination lock on your bicycle, but it only had one digit. That means the correct number to unlock your bike is between 0-9. If someone wanted to steal your bike, they could just try every possible number until they found the right one.
This is known as a brute force attack. It’s simply trying every possible combination until we find the key that opens the lock. It’s quick and simple with our one-digit lock because there are only 10 possible answers, which means that there’s a one-in-ten chance of just guessing it right on the first try. That improves to one in nine on the second try and so on.
What an awful security system! But if we add just one digit to our lock, things are already much tougher. Now the possible answers are 00-99. In other words, you only have a one-in-one-hundred chance of guessing the combination on the first go, and to ‘brute force’ all the possible numbers can take as much as ten times as long. A three-digit lock makes that one in a thousand and the popular four-digit bike lock amps it up to one in 10,000!
How Hard Is It to Break VPN Encryption?
The keys used to encrypt and decrypt data are not as short as our bike’s combination lock. They are way, way longer. The gold-standard encryption that is used to secure things like credit card transactions and other sensitive transactions on the internet uses keys that are 256 ‘bits’ long.
Since each bit can only have two states (1 or 0), the number of possible combinations for a 256-bit key is 2 to the power of 256. That is a properly, massively, stupendously huge number. The sort of number that even Stephen Hawking would have a hard time imagining. So, even if you took the most powerful computers in the entire world, like the ones governments have, and you let them guess millions of possible key combinations every second of every day, it would still take billions of years for those computers to try every possible combination of bits that make up the key.
So while it’s not technically impossible to use brute force to ‘crack’ strong encryption, it’s so impractical that it might as well be!
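To see the bike-lock argument in numbers, here is an added example (not part of the original article) that brute-forces a toy cipher with 4- to 16-bit keys, counts the tries, and then extrapolates to longer keys. The toy cipher, the function names and the rate of one million guesses per second are assumptions made for the demo; the message is the sample text from the Enigma section.

```python
import hashlib

def toy_cipher(key: int, data: bytes) -> bytes:
    """Toy stream cipher built for this demo (not a real VPN cipher):
    XOR the data with a SHAKE-256 keystream derived from the key.
    The same call both encrypts and decrypts."""
    stream = hashlib.shake_256(key.to_bytes(32, "big")).digest(len(data))
    return bytes(d ^ s for d, s in zip(data, stream))

def brute_force(ciphertext: bytes, crib: bytes, key_bits: int):
    """Try every key of key_bits bits in order. Return (key, tries) as soon
    as the decryption starts with the known plaintext prefix (the crib)."""
    for tries, guess in enumerate(range(2 ** key_bits), start=1):
        if toy_cipher(guess, ciphertext[:len(crib)]) == crib:
            return guess, tries
    return None, 2 ** key_bits

def years_to_exhaust(key_bits: int, guesses_per_second: float) -> float:
    """Worst-case time to try every possible key of the given length."""
    seconds_per_year = 365.25 * 24 * 3600
    return 2 ** key_bits / guesses_per_second / seconds_per_year

MESSAGE = b"THISISHOWWEMAKEOURSTUFFSECRET"  # sample text from the Enigma section

def demo():
    """Brute-force keys of growing length; every extra bit doubles the work."""
    results = {}
    for bits in (4, 8, 12, 16):
        key = 2 ** bits - 1                  # worst case: the last key tried
        ciphertext = toy_cipher(key, MESSAGE)
        found, tries = brute_force(ciphertext, MESSAGE[:6], bits)
        results[bits] = (found == key, tries)
    return results

if __name__ == "__main__":
    for bits, (ok, tries) in demo().items():
        print(f"{bits:>3}-bit key: recovered={ok} after {tries:,} tries")
    for bits in (56, 128, 256):              # assumed rate: 1e6 guesses/second
        years = years_to_exhaust(bits, 1e6)
        print(f"{bits:>3}-bit key: about {years:.1e} years to try every key")
```

Each digit added to the bike lock multiplies the work by ten; each bit added to a key doubles it, which is why 16 bits fall in a blink and 256 bits do not.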
Going Beyond Brute Force
So everything is perfectly safe, and we don’t have to worry? For the most part, the answer is yes, but there are other ways than using brute force to figure out an encryption key.
For example, if we wanted to figure out your password and we knew that lots of people choose “Pa$$w0rd” as their password, then we have a much better chance of guessing correctly than trying every possible combination of eight letters, numbers and symbols.
By employing some smart strategies, it can be possible to cut down how much computer power you need to get the job done. For example, the AES 256 encryption standard has been ‘cracked’ under lab conditions by people who have the job of trying to figure out weaknesses in encryption before the bad guys do. They figured out a way that (in theory) would cut the time needed to crack the key by 75%, but that’s still 25% of billions of years, so don’t get too nervous just yet!
Is Encryption All That Matters?
No! It’s very important to understand that a VPN’s encryption technology is only one part of overall privacy. Just because you’re protected from eavesdropping or your exact location can’t be easily found doesn’t mean you can just go on your way without any more worries.
Remember that there are plenty of online services that you voluntarily share your information with. When you log into a service such as Facebook, you’re identifying yourself. When you geotag a photo on social media, that’s you giving the information away by choice.
A VPN’s encryption can protect you from most involuntary privacy breaches, but it can’t protect you from yourself! The same goes for bad Internet habits such as visiting dodgy, malware-ridden sites. If your computer gets infected with software that tracks your keystrokes or watches your screen, it will happily send your passwords and information back through your VPN’s encrypted connection. It won’t help you if you fall for an email phishing scam either. So treat emails from rich princesses with care!
Introducing: VPN Encryption Protocols
While you don’t need to know much about the technical details that underlie VPN encryption, it is useful to know what different types of security options a VPN is likely to offer you. VPNs don’t offer their encryption as a separate option but as part of an overall VPN protocol. Some VPNs only provide one protocol option, but most offer a few options. Let’s go over the most common ones in a quick and straightforward way.
IPSec, or Internet Protocol Security, is the most common VPN protocol you’ll run into. It’s a technology that can secure the transmission of data between two points. Which is why it’s so popular for ‘site-to-site’ VPNs that connect, for example, your router to the VPN provider’s server. The encryption part of the protocol is called ESP, which is short for Encapsulating Security Payload, so not the psychic kind of ESP.
IPSec is a good choice when you don’t want to think about VPN protocols just to use a VPN. It works at a low level of the network, isn’t limited to specific devices or applications and can encrypt all data traffic.
The main thing to worry about is whether your IPSec provider is using an up-to-date encryption algorithm, such as AES 256.
Layer 2 Tunneling Protocol (L2TP) is another common VPN protocol that secures a data tunnel between two points on a network. L2TP is just a tunneling protocol though; it doesn’t have any encryption built in by default. So you can (and should) combine it with a strong encryption standard, such as IPSec!
L2TP is a well-supported standard, but it’s also easily blocked completely. Which means it’s not much use in countries that want to block VPN use in general. It’s not the fastest protocol either.
Point-to-Point Tunneling Protocol (PPTP) is a fast but pretty much insecure VPN protocol. The only real reason to use this technology is to circumvent geoblocking, but if data privacy is your goal, then it’s a big no-no. From a security point of view, PPTP is pretty much obsolete.
OpenVPN is a great security solution with a host of strong encryption standards and multiple supportive security features. If your main concern is data privacy, OpenVPN is great. On the other hand, it has some of the worst latency thanks to all the security overhead. So if you want to do things that need low latency (such as video conferencing), then it may not be the best choice. Make sure to learn more about OpenVPN.
Your Choice of VPN Matters
In the end, just about every VPN service uses encryption that’s strong enough so that you don’t have to actually worry that someone will crack the key and get all of your secrets served on a platter. It’s much more important to know who your VPN is and how they do business. After all, there are at least two parties involved here that have access to your encryption key. One is you, so that’s OK, but the other is your VPN!
Which means that, rather than asking if the encryption used by your VPN provider is good enough, the real question should be whether you can trust them or not. What is their policy on record keeping?
For example, there are some VPNs that have an explicit ‘no logging’ policy. In other words, they don’t even record your Internet activity in the first place. Which makes it impossible for them to disclose it to anyone.
Who could force a VPN provider to cough up your information? Well, the government of the country that the VPN is based in could have the power to do it, and if it has an agreement with the government in your country, well, you can do the math. So not only do you need to know what the VPN’s internal privacy policies are, but you also need to know what the privacy laws in their country of origin say. Which is why certain countries are so popular with VPN providers. On the other hand, there are countries that have banned VPNs altogether.
So, Is VPN Encryption Safe?
At this point, it should be clear that on a technical security level, the industry-standard encryption used by all reputable VPNs is about as safe as it gets. As long as a VPN actually uses such an encryption standard, it’s really not the sort of thing that a typical person has to worry about.
Unless you’re the CEO of a major company or a scientist who is about to invent the car that runs on water, it’s not likely that anyone would even think of tackling your VPN encryption. Besides, it should also be pretty clear that there are plenty of easier ways to get to your information for a determined and well-resourced thief. It is easier just to use other methods.
If Not Encryption, What’s Really Important?
We already mentioned that VPN policies, reputation, and local laws are important considerations, but it’s important to understand that from a security point of view encryption is only one component of the total package. It’s a single layer in a multilayer security cake.
For example, VPNs also use a method known as encapsulation which puts the original data packets (the pieces of information that get sent over the Internet) inside another data packet so that it’s not clear where it comes from or what sort of data it is.
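Here is what that packet-in-a-packet idea looks like from the outside, as an added example that is not part of the original article. It builds a small inner IPv4 packet, wraps it ESP-style in an outer packet, and compares what an eavesdropper can read with what the VPN server recovers. All addresses, the key and the helper names are constructed for the demo, and a SHAKE-256 keystream stands in for the tunnel's real cipher.

```python
import hashlib
import ipaddress
import struct

IPV4_FMT = "!BBHHHBBH4s4s"     # fixed 20-byte IPv4 header, no options
PROTO_TCP, PROTO_ESP = 6, 50   # IANA protocol numbers for TCP and IPSec ESP

def ipv4_packet(src, dst, proto, payload):
    """Minimal IPv4 packet. Checksum stays 0: nothing here is sent on a wire."""
    header = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload

def parse_ipv4(packet):
    """Read the header fields that any router or eavesdropper can read."""
    f = struct.unpack(IPV4_FMT, packet[:20])
    return {"src": str(ipaddress.IPv4Address(f[8])),
            "dst": str(ipaddress.IPv4Address(f[9])),
            "proto": f[6], "payload": packet[20:f[2]]}

def stand_in_cipher(key, data):
    """Placeholder for the tunnel's real cipher (e.g. AES): XOR with a
    SHAKE-256 keystream. Demo only; the same call encrypts and decrypts."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(d ^ s for d, s in zip(data, stream))

def encapsulate(inner, key, client_ip, vpn_ip, spi=0x1001, seq=1):
    """Encrypt the whole inner packet and wrap it in a new outer packet.
    Simplified ESP: real ESP also carries an IV, padding and an integrity tag."""
    esp = struct.pack("!II", spi, seq) + stand_in_cipher(key, inner)
    return ipv4_packet(client_ip, vpn_ip, PROTO_ESP, esp)

def decapsulate(outer, key):
    """VPN server side: strip the outer header and SPI/sequence, then decrypt."""
    return stand_in_cipher(key, parse_ipv4(outer)["payload"][8:])

def observer_view(outer, website_ip, request):
    """What someone between you and the VPN server can learn without the key."""
    p = parse_ipv4(outer)
    packed_site = ipaddress.IPv4Address(website_ip).packed
    return {"src": p["src"], "dst": p["dst"], "proto": p["proto"],
            "website_ip_visible": packed_site in p["payload"],
            "request_visible": request in p["payload"]}

# Constructed sample values (documentation and private address ranges).
KEY = b"constructed-demo-key"
REQUEST = b"GET /private HTTP/1.1\r\n\r\n"   # TCP header omitted for brevity
INNER = ipv4_packet("10.8.0.2", "192.0.2.80", PROTO_TCP, REQUEST)
OUTER = encapsulate(INNER, KEY, "198.51.100.7", "203.0.113.10")

if __name__ == "__main__":
    print("observer sees:  ", observer_view(OUTER, "192.0.2.80", REQUEST))
    print("VPN server sees:", parse_ipv4(decapsulate(OUTER, KEY)))
```

The observer learns only that the client is talking to the VPN server using ESP; the website's address and the request travel inside the encrypted payload and reappear only at the VPN server.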
In addition to this, VPNs also provide strong account authentication to make sure that only the right person logs into your VPN in the first place. Since, once again, just stealing your password is a billion times easier than trying to break the encryption on your VPN.
So, the short answer is that encryption is super safe and that good VPNs use it in combination with several other security measures to ensure that you’re anonymous and can browse in private. These are all incredibly powerful tools that can keep you safe from a lot of undesirable things in the Wild Wild Web. But even the best security technology is only as strong as the security habits of the person who operates it.