VPN applications must meet several requirements in order to be considered top-notch in their line of work. Ideally, these type of software should put emphasis on security and give you the possibility to unlock content in many countries. They should also have a low impact on system performance, run fast across the internet, as well as support multiple devices and simultaneous connections, among many other features.
We’ve actually covered the ups and downs of VPN tools in a separate article. If you’re mostly interested in the security aspect, though, then you should hit the books and learn more about VPN encryption. It’s the key behind the whole security of a virtual private network utility. In this article, we’re tackling the types of encryption algorithms, popular security methods used for exchanging message through virtual private networks, as well as ways to crack encrypted systems.
You can learn a bit of info about early methods of encryption, symmetric and public keys, key sizes, block ciphers and stream ciphers, plaintext and ciphertext. We’re also taking a closer look at DES, Blowfish, AES, Camellia, RSA, SHA, Diffie–Hellman key exchange, Elliptic-curve Diffie–Hellman, Perfect Forward Secrecy, and handshake encryption. Lastly, you can check out about the common methods of attacking encrypted systems: dictionary, brute force, and hybrid.
What happens when data travels on the web
Any item that gets transferred over the internet, such as a website address, password, text message, photo, video or any other kind of file, is made out of numerous bits of information. What the network does is send each packet of that information to the destination, then reconstruct the original item when all packets arrive there. If an unauthorized third party was able to notice the packets, it would be able to get hold of the contents and take a closer look, like someone opening your post mail without your permission: it’s illegal.
When using the public internet, like connecting to an unprotected hotspot at a coffee shop or an airport, anyone with a bit of skill is capable of viewing the information you are sending or receiving. However, by installing a reliable VPN tool on your computer, you can protect the contents of that information, all thanks to the security features facilitated by VPN encryption.
What is VPN encryption
VPN encryption is encryption applied to virtual private networks, which can be used to protect sent and received data from being decrypted if it was intercepted by an unauthorized third party, like a hacker. What VPN encryption does is scramble the original information to create gibberish data which cannot be decoded without the secret key. This way, even if a hacker was capable of acquiring your personal data, they would not be able to decipher it.
Just like a magician’s performance act which cannot be complete until the disappeared object reappears on stage, VPN encryption is not complete without decryption. And, in order for decryption to be successful, the computer on the other end of the line, the one that’s supposed to receive the message, it has to know the secret key (also known as cipher).
Early means of encryption
Encryption is part of cryptography: writing and solving codes. The earliest form of encryption recorded to history is the substitution cipher (also known as the Caesar cipher). It was used by Julius Caesar around 58 BC to send secret messages to military commands, so that they cannot be understood by his enemies. He shifted the letters in the alphabet by three positions, so that “A” is actually “D”, “G” is actually “J”, and so on. In this case, the cipher was “3” and it had to be shared to Caesar’s men to be able to decrypt his messages.
Another famous and far more complex example is the Enigma machine. Developed by a German engineer at the end of World War I, it was used to encrypt secret messages for military, diplomatic and commercial purposes. Enigma used an intricate substitution cipher known as a rotor machine. This kind of machine had a set of rotating disks that were connected to electrical contacts on either side, creating a complex mechanism for substituting letters and numbers. This allowed Enigma to encrypt data which was incredibly difficult to decode because it generated thousands of key settings that would have taken a very long time to check.
Understanding encryption algorithms
In technical terms, VPN encryption depends on several factors: encryption algorithms used to encrypt and decrypt data, data authentication used to verify the integrity of transferred information, and handshake encryption used to negotiate the terms and conditions that must be met by both parties (sender and receiver) before exchanging information.
Most encryption algorithms are freely available to the public, so that anyone can analyze how they are designed. On rare occasions, developers prefer keeping the code private so that it cannot be examined by anyone. It’s easy to think that someone that knows the encryption mode you use for transmitting information over the internet is one step away from hacking it and taking over your data. However, the true security factor lies in the key: without the key, the door cannot be opened.
When it comes to data security, encryption can take care of various user concerns. For instance, if you want to make sure that a piece of information reaches someone and that it wasn’t tampered or damaged along the way, then you’re interested in data integrity. If you care about keeping contents private from anyone else, you’re looking for data privacy. There’s also the scenario when it’s important to convince the receiver that the message comes from you and no one else (data authentication). All of these features are facilitated by VPN encryption algorithms.
Plaintext and ciphertext
Two things are essential for an encryption algorithm: the input and the output. The input represents the original, decoded message that you want to send over the web in protected form, known in cryptographic terms are the plaintext. The output is resulted from encrypting the plaintext with the help of a cipher, in order to make the message unreadable to the outside world, also known as the ciphertext.
Decryption, or the reversal procedure of encryption, restores the original, untampered message. For decryption to be successful, it’s necessary to decode the ciphertext using the same cipher that was used for encryption. Ciphers represent a step-by-step operation that must be correctly followed to deliver the desired output.
Different ciphers currently being applied to software can be told apart by the way they work: on blocks of symbols with a fixed size (block ciphers), in a continuous stream of symbols (stream ciphers), using one key for both encryption and decryption (symmetric key), or using distinct keys for encryption and decryption (asymmetric key).
Block cipher and stream cipher
A block cipher is another mode of encryption that splits the original messages into multiple text blocks of fixed length, in order to encrypt and decrypt them individually. Opposed to the block cipher is the stream cipher, which encrypts one bit at a time. While the stream cipher is faster and has low hardware requirements, it’s unfortunately open to attacks due to the fact that there’s a high chance of encrypting identical text blocks by using the same starting seed.
The block cipher was precisely developed to eliminate this risk. It’s a pseudorandom permutation (PRP) that needs a fixed size for each block of bits (e.g. 128 or 256 for AES). Each ciphertext produced by the previously encrypted block is used to encrypt the next block, and so on.
Keys and key sizes
Key size, or key length, represents the number of bits supported by the key of the encryption algorithm. Typical examples include 64-bit, 128-bit and 256-bit key sizes. The key size is responsible with the total combinations necessary for hacking an encrypted system.
The shorter the key, the weaker the security but the faster the processing. The longer the key, the stronger the security but the slower the processing. If a key has n bits, then there are 2n possible keys. 64-bit keys mean 264 possible key matches while 256-bit keys mean 2256 combinations.
Symmetric and asymmetric keys
Encryption algorithms use symmetric or asymmetric keys. Symmetric means that the same key is used for both decryption and decryption (private-key cryptography). It falls in the hands of the users to keep it secret from anyone else and to safely communicate it to the receiver (shared secret). The fact that both parties must know the key is considered a disadvantage for symmetric keys when compared to public keys. Symmetric-key encryption can use either block or stream ciphers. Examples for symmetric keys are AES, Blowfish and Camelia.
The asymmetric algorithm uses a pair of two distinct keys for encryption and decryption, respectively (public-key cryptography). The encryption key can be seen by anyone, so it’s not necessary to keep it hidden. But the decryption key is private, so only the person or party holding this key will be able to decode the message. On the bright side, data authentication is ensured since the public key checks that the message was sent by the party with the private key. Examples for asymmetric keys are RSA and Diffie–Hellman key exchange.
Symmetric-key encryption: DES and 3DES
Made in the early 1970s by IBM, DES (Data Encryption Standard) is a symmetric-key algorithm inspired by an initial design of the Feistel network. It was proposed to the NES (National Bureau of Standards, now known as National Institute of Standards and Technology – NIST) as a solution for protecting electronic data belonging to the government. After consulting the NSA (National Security Agency), NES picked a modified version of DES that was strong against differential cryptanalysis but weak against brute-force attacks.
How it works
DES is the best example of a block cipher. Using plaintext of fixed length as the input, it turns it into ciphertext with the same length through multiple operations. There’s a unique key that can be used for both encryption and decryption by those who know it.
However, although the key has 64 bits, only 56 bits are used for the algorithm while the remaining 8 bits are utilized to verify the parity and then left out. One bit in each 8-bit byte can be used to detect any errors which may occur when generating, distributing and storing keys. This means that the theoretical 64-bit key size is actually 56 bits.
Weaknesses and solutions
Because it has a 56-bit effective key size, which is considered very small, the general consensus is that DES is an insecure encryption algorithm. As such, it has to be used in a mode of operation, like other block ciphers. Nevertheless, DES-based systems were successfully breached using brute force. Due to its low security, DES was officially withdrawn in 2005.
Triple DES (3DES) is a successor that applies DES three times to each block of data, thus reaching a 168-bit effective key size. Unfortunately, 3DES-based systems are susceptible to meet-in-the-middle attacks since this type of attacks focus on encryption modes that execute a sequence of encryption tasks. Due to this, the 168 bits are reduced to 112 effective bits. Sadly, 3DES has also failed to meet security requirements, leading to its official retirement in 2018. It will be considered deprecated and disallowed after 2023.
Symmetric-key encryption: Blowfish
Developed by Bruce Schneier and released to the public in 1993, Blowfish is a symmetric-key block cipher that provides good encryption. It’s also considered fast when it’s not necessary to change keys. This is because a new key needs to be processed before it’s set, and the process time is similar to encryption around 4kb of text. In comparison, other block ciphers are quicker.
Blowfish was designed to replace the outdated DES and to overcome the issues encountered by other security algorithms. According to its maker, Blowfish doesn’t have a patent, so it can be used by anyone from the public domain for free. Since it’s one of the original free block ciphers, it has since gained popularity.
How it works
Blowfish has a 64-bit block size and a key length that ranges from 32 bits to 448 bits. It is a Feistel cipher of 16 rounds that takes advantage of key-dependent S-boxes. Structurally speaking, Blowfish is similar to CAST-128, a symmetric-key block cipher that uses fixed S-boxes.
In the Blowfish algorithm, the 64-bit plaintext is split into two parts of 32 bits, and each segment of the 32 bits is divided into four subsegments. The first subsegment of the first 32-bit segment is encrypted with the starting seed (the key).
What results from this is then processed with the first subsegment of the second 32-bit segment to generate new output that cannot can be traced back to the original plaintext without decrypting each text block along the way. This is repeated until all subsegments have been encrypted, creating the output (ciphertext), which can be subsequently decrypted with 64-bit Blowfish and the key.
Weaknesses and solutions
On the other hand, because it uses a 64-bit block size (unlike AES with 128-bit, for example), Blowfish is susceptible to birthday attacks, especially when it’s associated with HTTPS. Due to this, the team behind the GNU Privacy Guard project recommends to skip Blowfish for encrypting files with a size over 4GB. Although it’s still considered a modern block cipher, Schneier recommends replacing it with Twofish, the official successor of Blowfish. Twofish basically increased the Blowfish block size to a minimum of 128 bits, which can go up to 256 bits.
Some of the VPN apps that still feature Blowfish are Private Internet Access and HideMyAss (Blowfish 128-bit in CBC mode). ExpressVPN used to support 128-bit Blowfish, too, but the company decided to switch to 256-bit AES. In fact, most VPN providers consider 128-bit AES to be superior to 128-bit Blowfish, although no one has managed to fully break it.
Symmetric-key encryption: AES
Developed in the late 1990s to replace the outdated DES, AES (Advanced Encryption Standard) is the modern subset of Rijndael, a block cipher made by Joan Daemen and Vincent Rijmen. It was turned into an encryption standard by the US National Institute of Standards and Technology in 2001. The cipher has a block size of 128 bits and key sizes of 128, 192 and 256 bits.
How it works
AES relies on the symmetric-key algorithm, which means that the same key is used for both data encryption and decryption. As far as the structure is concerned, AES doesn’t depend on the Feistel network like Blowfish but on the substitution-permutation network: made of a block of the plain text and the key, the input (plaintext) goes through multiple alternating rounds of substitution (S-boxes) and permutation (P-boxes) to generate the output (ciphertext).
The number of alternating rounds for converting the input into the output is determined by the AES key size: 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. Each round consists of substitution and permutation. Considering a table of rows and columns where each cell contains a block of text, the first round is to substitute data using another table (substitution table). The algorithm shifts data rows in the second round and mixes columns in the third. The fourth round performs a XOR operation on each column using a small part of the encryption key. Subsequently, sets of four rounds are executed (depending on the key size) until all parts of the encryption key have been used.
Weaknesses and solutions
The US Government adopted AES in 2003 for protecting secure information. 128-bit, 192-bit and 256-bit AES is used for protecting classified data up to the SECRET level, 192-bit and 256-bit AES is reserved for the TOP SECRET level. Before integrating AES with systems or information related to national security, it has to be certified by the NSA.
There have been theoretical debates over the years on whether AES-protected systems could be hacked, but this hasn’t lead to practical success. There are no current known attempts at accessing AES-encrypted information without the key, provided that AES is used correctly. As such, AES has become the top of the line when it comes to symmetric-key ciphers, and it is used by most VPN service providers.
Symmetric-key encryption: Camellia
Designed by Japan’s Mitsubishi Electric and NTT (Nippon Telegraph and Telephone) in 2000, Camellia is a symmetric key block cipher approved for general use by the European Union’s NESSIE research project (New European Schemes for Signatures, Integrity and Encryption), by the Japanese CRYPTREC project (Cryptography Research and Evaluation Committees) as well as by the ISO/IEC (International Organization for Standardization in joint with International Eletroctechnical Commission).
How it works
Camellia has a 128-bit block size and key sizes of 128, 192 and 256 bits. Thanks to its high level of security and processing, the encryption algorithm has an interface that can be compared to AES. It’s based on the Feistel network, featuring 18 rounds when using 128-bit keys or 25 rounds when using 192- or 256-bit keys.
For every six rounds, Camelia either executes a logical transformation layer called FL-function or its reversal. Four 8×8-bit S-boxes are used in the encryption algorithm, along with input/ouput affine transformations, logical operations, and key whitening.
Weaknesses and solutions
As previously mentioned, Camellia is similar to AES as far as security goes. It’s considered a high-level cipher even when used with the lowest key size of 128 bits. As such, there have been no successful attacks on a system encrypted with Camellia which would lead to significant damage. It can be applied to both software and hardware.
Asymmetric-key encryption: RSA
Initially published in 1977, RSA (Rivest–Shamir–Adleman) evolved into a modern and reliable public-key encryption method. With key sizes that typically range from 1,024 to 4,096 bits, RSA has four steps: generating, distributing, encrypting and decrypting keys.
How it works
A public key based on RSA is created and transformed by taking into account two large prime numbers (preferably random but with a similar magnitude and different length to strengthen security). An auxiliary value is used, too. What follows is a series of intricate mathematical operations that generate the pair of public and private keys based on the prime numbers. If the new RSA key is big enough, it’s impossible to crack it using only the public key, unless the primes are known.
Weaknesses and solutions
RSA is considered a slow processing algorithm, which means it’s not generally used for direct data encryption. Instead, it can encrypt symmetric keys and safely distribute them over the web since symmetric-key encryption is significantly faster and can process multiple encryption and decryption operations at the same time.
1024-bit RSA keys are considered insecure for handshake protection, although some VPN applications still support them. It’s recommended to go with 2048-bit RSA or better. Furthermore, RSA doesn’t have built-in support for Perfect Forward Secrecy, but this can be resolved by integrating key exchange with Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH).
Asymmetric-key encryption: Diffie–Hellman key exchange
To be able to establish a secure channel, two parties used to have a private meeting in order to share the private key which would be then used to exchange secret messages. However, this method is ineffective for parties who don’t already know each other or who cannot physically meet. Diffie–Hellman key exchange (DH) is a public-key encryption method developed to overcome this issue. It can be used to share private keys through an insecure channel, keys that can be subsequently used to encrypt data with a symmetric key cipher.
How it works
The cryptographic description of the Diffie–Hellman key exchange can be understood easier with a simple color mixture analogy. Two parties agree on a color, then each party picks a secret color that it doesn’t share with the other. The important thing is for the two secret colors to be different. Afterward, both parties combine their secret colors with the public one to create two new, rare colors (one for each party).
The rare colors are then swapped (made public), so each party receives the other’s rare color but doesn’t know the secret ingredient that was used to create it. Lastly, the rare colors are combined with the initial secret color of each party. Both operations will produce the same output color, which becomes the private key to be used by the parties. Another great thing about DH is that it can be used by any number of parties.
Weaknesses and solutions
DH is considered effective against eavesdroppers if the numbers are large enough. It has a key size of 2048 or 4096 bits. Random number generators should not be used, though, because the results are not truly randomized, which means that it increases the eavesdropper’s chances of predicting the output.
Furthermore, DH doesn’t originally provide authentication features, which makes it susceptible to man-in-the-middle attacks. This is where variants of the Diffie–Hellman key exchange method intervene, such as Elliptic Curve Diffie-Hellman, in order to provide authentication. It has native support for Perfect Forward Secrecy. A good example for this is the STS protocol, capable of fending off man-in-the-middle attacks. Because it utilizes a limited set of prime numbers, DH has been susceptible to NSA attacks.
Asymmetric-key encryption: Elliptic-curve Diffie–Hellman (ECDH)
Elliptic-curve Diffie–Hellman (ECDH) is a variant of the Diffie–Hellman protocol that takes advantage of elliptic-curve cryptography. Compared to non-elliptic-curve cryptographic methods, ECDH requires keys with a smaller size but doesn’t take anything away from security. It can be used for cipher negotiation, digital signatures and pseudo-random generators.
How it works
In order to work, both parties must have a pair of public and private keys based on the elliptic-curve principle. Besides using the shared secret as the encryption key, it can also be used to create a new key using a key derivation function. Compared to Diffie–Hellman key exchange, ECDH uses algebraic curves instead of prime numbers, which means that it’s not vulnerable to the NSA attacks.
Weaknesses and solutions
The key size of ECDH starts at 384 bits, which is thought to be secure enough. But it’s better to increase it if you’re looking to integrate it with TLS handshake. To facilitate Perfect Forward Secrecy, Elliptic-curve Diffie–Hellman has built-in features for ensuring privacy. Otherwise, it can be used alongside RSA handshake.
Handshake encryption is required for establishing a safe connection between a VPN service provider and a VPN server. It’s used by TLS connections to create a secure channel that can be used for exchanging secret keys, which can be subsequently used for encrypting and decrypting messages.
The protocol specifies the format for the messages and the order in which they are exchanged. These features may vary, depending on what the client and the server want, and they will be specified in the negotiation stage. As a result, the TLS connection will be either successful or the system will display an alert message.
Perfect Forward Secrecy
Perfect Forward Secrecy (PFS, also known as Forward Secrecy – FS) is a safety feature for VPN servers which makes sure that session keys cannot be identified by unauthorized parties even if the server’s private key was leaked. The purpose of PFS is to keep past sessions safe from any further breach leading to compromised secret keys and passwords.
This is possible by generating and assigning a unique, random key for each session initialized by the user. Therefore, if someone gets their hands on a session’s key, they will not be able to use it for another session. The concept of “master key” cannot be exploited here since there’s no magical key that can open all doors.
Perfect Forward Secrecy is capable of protecting information on a network’s transport layer which uses typical SSL/TLS protocols, like OpenSSL. When PFS is applied, past encrypted sessions cannot be accessed and decoded by hackers who got ahold of the secret keys and passwords, even in the case of man-in-the-middle attacks.
VPN protocols are predefined rules and conditions that must be negotiated between the client machine and the server, in order to create the secure tunnel on the internet. VPN service providers often support more than just one protocol, since each one comes with ups and downs. One protocol may favor speed but have a negative impact on security, or vice versa.
Notable VPN protocols include PPTP, L2TP/IPsec, IKEv2/IPsec, OpenVPN, SSTP, SSL/TLS, TCP and UDP. We’ve actually covered them in a more in-depth article about VPN protocols, so feel free to check it out. However, most people agree that OpenVPN is currently the top choice.
Data authentication depends on cryptographic hash functions. Hash functions have the role of assigning a fixed size to data of any size, so that it can be swiftly located in large tables and duplicate entries can be deleted. Applied in cryptography (in VPN, implicitly), these functions can be used to ensure the integrity of transferred data. HMAC (Hash-based Message Authentication Code) uses a cryptographic hash function and a secret key, which can be used to both check data integrity and message authentication.
SHA1, SHA2 and SHA3
Designed by the NSA, SHA1 is a cryptographic hash function that turns an input message into a 160-bit message digest, which is an alphanumerical code of usually 40 digits. It used to have an important role in security tools and protocols, like SSL (Transport Layer Security), SSH (Secure Shell) and PGP (Pretty Good Privacy). Unfortunately, it’s not safe to use SHA1 anymore, especially for keeping HTTPS websites safe, since it’s known that SHA1 was a victim of collision (two different messages illegally producing the same hash value). Some VPN applications still support SHA1, but it’s a good idea to move on to newer iterations, like SHA2 and SHA3.
SHA2, on the other hand, is resistant to collision attacks, and there hasn’t been any proof of creating the same hash for two different inputs. The SHA2 family supports 224, 256, 384 and 512 bits. SHA3 is the newest member of the SHA family, supporting the same key sizes as SHA2. The difference is that it has a different internal structure, taking a more modern, flexible approach in order to process and produce data of any size (sponge construction).
How encrypted data can be cracked
Some websites recommend that you should change your passwords often, not because it’s a good way to train your memory but because someone might be in the middle of cracking your current key. By changing it, you force the attacker to go back to the drawing board and make another attempt at guessing your passcode. To better understand how this works, it’s important to briefly go through common password cracking procedures: dictionary, brute force, and hybrid.
Dictionary-based attacks are the fastest way of guessing simple passwords that people set just because they are easy to remember. These are usually the people who believe there’s a very low chance of them becoming the victims of hackers. Besides, when you have different passwords set for numerous accounts, it seems more convenient to create basic, easy-to-remember passwords, when the obvious safer solution is to resort to a password manager.
In dictionary mode, the person or party that launches the attack has a predefined list of commonly used passwords saved to file. The cracking program simply goes through each word or phrase of the database until it finds the match.
This database and password variations can be downloaded from the internet. However, this list can be easily edited by the hacker to add any combination of characters, words or phrases. Plus, if you know someone with hacking skills and who happens to hold a grudge, they might be capable of creating a customized list of possible passwords to your accounts after gathering helpful details like your date of birth, pet or spouse name, and so on.
Brute force attacks
When using brute force, the hacker tries all possible combinations to guess the cipher (password). This means that it replaces each character of the password with every lowercase letter of the alphabet, and then it goes through the same cycle by making the letters big. Besides lowercase and uppercase letters, brute force throws in numbers and symbols, too, like !, @ or %.
What we can draw out from this is that brute-force has low efficiency on passwords with many characters that are scrambled together in a key without any meaning. The longer the password with random characters mixed together, the longer it takes for a brute-force attack to find the correct key (time increases exponentially).
On the other hand, brute force doesn’t necessarily have to have a pattern with the types of tried characters. For instance, it’s not mandatory for all brute-force attacks to first try all lowercase letters, then all uppercase letters, then all numbers, and so on. The hacker has the possibility to change this pattern, even on a hunch. The reliability of an encrypted system is actually calculated by considering how much time it would take to be cracked using brute force.
The main difference between dictionary and brute force mode is that, while dictionary attacks try only passwords with a higher chance of success (faster but less effective), brute force searches the key space systematically to cover absolutely everything (slower but more effective).
Nevertheless, it’s not uncommon for hackers to launch hybrid attacks: a combination of dictionary and brute force attacks. In this case, the attacker has one or more dictionary files that it uses alongside brute force mode. Users who are aware of the dangerous of short and simple passwords add seemingly random characters but with a secret meaning to make it relatively easy to remember (like a mnemonic device).
Hybrid is considered a more intelligent form of attack because it means that the attacker managed to collect some intel on its victim. It first tries all words or phrases in the dictionary files because proceeding with an exhaustive key search using key derivation.
Unless you’re an interested developer or a cryptography enthusiast, it’s not really necessary to learn the technical background of VPN encryption and all its aspects. But understanding the way it works and the settings that you should configure in a VPN application is key toward finding the best VPN app. We’d love to know your ideal VPN encryption configuration, so feel free to drop us a line in the comment section below.