Is your VPN secure? How to make sense of VPN encryption

If you’re using a vpn in first place, you’re either concerned about security and wellbeing of your machine. Or, do you think about using a VPN for windows but just want to double-check how secure it is? Or you stand against the fact digital products and websites collect user data. They use it to fuel their marketing and retargeting efforts, often even selling the collected data to other companies.

Both of which are excellent and valid reasons to use a VPN. But how do you know it’s really working? Do you have a way to know if your product is securing your machines by letting you surf anonymously? Or are you just falling victim to a marketing gimmick?

One way to tell is just by looking at the encryption level your VPN offers. Understanding what all those words and abbreviations like TLS, AES, and RSA certificates mean. Here’s how to make sense of such concepts:

Encryption and how it works

Simply put, encryption is the process of jumbling up the data in such a way that only someone with a special ‘key’—which unjumbles the data and restores it to its original form—can decipher it. Since we’re actually taking data and converting it into text that makes little sense, this method is known as encoding.

When you switch your VPN service on the encryption process starts to encode your communication with internet on your computer. This makes sure that even if an unauthorized party, let’s say a hacker, does intercept it, they can’t understand what’s happening.

The degree of security offered during this encoding or ‘encryption’ process depends on what protocols your VPN service is based on. Protocols handle different elements of the process like authentication, encryption, and the decryption key exchange.

Most current VPN services use encryption protocols that are based on these four simple steps:

1. Initial handshake – connection established.
2. Decryption key generation
3. Time duration:
4. Encryption

What protocols a VPN uses gives insight into the level of encryption—and hence, protection that is being offered, however, most of them can also be configured according to a user’s preference. Also, it is also important to note that different VPN services based on the same protocols can still offer different levels of encryption depending on the features they are focusing on.

For example, VPNs that provide breakneck internet speeds may compromise a little on the security front, while others that offer high-level encryption might not offer the best speeds.

A deeper dive into VPN encryption

An excellent way to figure out the level of security your VPN service is by determining the protocol the service runs on. The top three high-security protocols are currently OpenVPN, Wireguard, and IKeV2. It is also not uncommon to find propriety riffs on popular protocols.

Relatively less secure ones are SSTP, SoftEther, and L2TP, among others. You might also find that some VPNs still run on PPTP, but this is rare because this technology is ancient and no longer considered secure.

When you know what protocols your VPN is based on, it’s now time to look into the configurations. Many services offer an overview on their support pages and websites. Look up blog posts or FAQ sections of your service website to find out more about the configuration.

If you can’t find these, try typing in words like ‘RSA certificates’ or ‘’Elliptic Curve Diffie Hellman Protocol’ and something might just come up. Another advantage of running searches like this is that many technical jargon will start to make sense as you read through the definitions and explanations.

Finally, whatever you find, it’s time to weigh that against what the cybersecurity industry holds as standard, which is at least 2048-bit keys for RSA certificates and 128-bit AES encryption.

The different types of encryption algorithms

Now that we have the basics down let’s talk a little about the two main types of encryption algorithms and ciphers.

1. Symmetric encryption: This type of encryption involves identical public and private keys. This is a ‘fast’ algorithm type, and the best example for this type is the AES encryption cipher.
2. Asymmetric encryption: This involves different public and private keys, which comes with certain risks involved. An example of this is the RSA.

A word on ciphers

Alogrithms encrypts Data using cyphers. Unlike keys, which are comparatively more stable and difficult to break, cyphers have specific flaws that make them a little easier to crack. Cypher and a powerful encryption key can solve this problem.

Let’s look at some popular ciphers that VPN service providers use.

1. The Blowfish Cipher: This kind of cipher is typically paired with a 128-bit key and is considered safer ciphers.
2. The AES Cipher: This cipher can have three different keys; 128-bit, 192-bit, and 256-bit. Fun fact: this cipher is also used by the government, given the NIST certification backing up the security level it provides.
3. The MPPE Cipher: The Microsoft Point-to-Point or the MPPE cipher is generally used with PPTP and dial-up connections and supports 40-bit, 56-bit, and 128-bit keys—not the most secure.

Additionally, RSA is another highly secure cipher used to encrypt online communications. However, it is much slower than others, so it isn’t used for direct encryption anymore. It is also important to mention here that the 1024-bit RSA key is not considered secure by current security standards, and a 2048-bit, or 4096-bit is preferred.

Now that you have a working knowledge of encryption, how it works, and what protocols and ciphers are, you can use it to weigh the pros and cons of continuing to use the one you’re subscribed to!