
Is your VPN secure? How to make sense of VPN encryption


Virtual private networks use slick marketing terms to charm potential users, but you can easily get tangled up when trying to pick it all apart. The language describing encryption methods is thick with acronyms and technical jargon, so searching cute phrases like “military-grade encryption” usually turns up more questions than answers.

But while the details of encryption can initially be confusing, things become pretty clear once you know how to sort out the information. Concepts like TLS, RSA certificates, keys, AES encryption, and the like will seem far less foreign, and it’ll be a snap to evaluate how worthy a VPN is of your attention. Here’s how to get there.

How VPN encryption works

Generally speaking, encryption is the process of converting data into code (an act known as encoding), which can then only be decoded by an authorized party. When your computer connects to a VPN, a multi-step encryption process should take place. The degree of security in each of those steps depends on the protocols used. Each protocol handles elements like authentication, key exchange, and encryption of the established connection differently.

You can usually break down modern VPN encryption protocols into these four parts:

  1. How the connection first begins (the “handshake”)
  2. How the connection generates the piece of code (“the key”) used to encrypt and decrypt data during the session (aka the key exchange)
  3. How long the encryption keys persist
  4. The encryption method used to protect the established connection

The protocols supported by a given VPN indicate the general level of encryption strength, but they can be configured to taste. Consequently, VPN services can use the same protocols but provide differing levels of security. One company may hew closer to industry defaults to boast faster speeds, while another might increase the key lengths/sizes used for encryption to maximize security.

How to untangle the specifics of VPN encryption

Many VPNs support OpenVPN, a popular open-source protocol known for its high level of security.

Start by determining which protocols a particular VPN service supports. Currently, the industry favors three for their high security: OpenVPN, IKEv2/IPsec, and WireGuard. You may also see proprietary riffs on known protocols, as well as slower or less secure ones like SoftEther, SSTP, and L2TP/IPsec. PPTP is rare these days, as it’s an old protocol and no longer provides adequate protection.

Next, dig up the details of how the VPN has configured its chosen protocols. Most services offer a nuts-and-bolts explanation in support pages, an FAQ, or blog posts. You should encounter terms like “RSA certificates” and “Elliptic Curve Diffie Hellman protocol” here. Online searching will clarify any terms you’re not familiar with.

Finally, take all the jargon that you’ve found and weigh it against industry standards. Again, online searching will help you fill in any knowledge gaps. Be wary of VPNs that don’t meet current industry defaults (e.g., 2048-bit keys for RSA certificates and 128-bit AES encryption). A VPN’s level of encryption should line up with its marketing claims, too. A provider that trumpets iron-clad security but uses PPTP or even L2TP/IPsec gives reason for doubt.
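The three steps above can be turned into a repeatable check. The following is an added example, not code from the article or from any VPN provider: it reads the cipher directives (`cipher`, `data-ciphers`, `ncp-ciphers`) from an OpenVPN profile and compares them, along with a protocol list and RSA key size you have copied from the provider's documentation, against the baselines the article names. The sample profile and the function names are constructed for illustration.

```python
import re

# Baselines quoted in the article above.
MIN_RSA_BITS = 2048
MIN_AES_BITS = 128
DOUBTFUL_PROTOCOLS = {"pptp", "l2tp/ipsec"}

# Constructed sample profile, not taken from any real provider.
SAMPLE_OVPN = """\
client
proto udp
remote vpn.example.com 1194
; legacy fallback for old clients
cipher BF-CBC
data-ciphers AES-256-GCM:AES-128-GCM:BF-CBC
auth SHA256
"""

def ciphers_in_profile(text):
    """Collect cipher names from OpenVPN cipher directives, in order, without repeats."""
    names = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] in ("cipher", "data-ciphers", "ncp-ciphers"):
            names.extend(parts[1].split(":"))
    return list(dict.fromkeys(names))

def aes_bits(cipher):
    """Return the key size of an AES-<bits>-<mode> name, or None for other ciphers."""
    match = re.fullmatch(r"AES-(\d+)-\w+", cipher.upper())
    return int(match.group(1)) if match else None

def audit(profile_text, advertised_protocols, rsa_bits):
    """Return a list of findings; an empty list means the baselines are met."""
    findings = []
    for proto in advertised_protocols:
        if proto.lower() in DOUBTFUL_PROTOCOLS:
            findings.append(f"protocol {proto}: gives reason for doubt")
    if rsa_bits < MIN_RSA_BITS:
        findings.append(f"RSA {rsa_bits}-bit: below {MIN_RSA_BITS}-bit baseline")
    for name in ciphers_in_profile(profile_text):
        bits = aes_bits(name)
        if bits is None:
            findings.append(f"cipher {name}: not AES, evaluate separately")
        elif bits < MIN_AES_BITS:
            findings.append(f"cipher {name}: below {MIN_AES_BITS}-bit baseline")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_OVPN, ["OpenVPN", "L2TP/IPsec"], rsa_bits=1024):
        print(finding)
```

A non-AES cipher is reported for separate evaluation rather than as a failure, because the article's 128-bit baseline only applies to AES.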
