If you are just beginning to stroll into the world of VPNs, there is no doubt that you have been confused plenty of times.  It's a complicated area of internet security with a lot of jargon and way too much maths involved.

If we ever left our mothers' basements to have social lives, there would be no way that we would have had the time to comprehend the complexity of them either.  Thankfully, we have poor social skills, so we can take the time out to explain some encryption terms that you might not yet understand.

What is a VPN Protocol?

This is a term that you will hear around a lot when you are comparing different VPNs and their security options.  A VPN protocol is the system that two computers will use to establish an encrypted connection.

The gold standard in VPN protocols is currently OpenVPN.  All good VPN providers should offer it and if they don't you should stay away.  If you have serious security concerns, you should definitely be using it.

Because of its heavy encryption, it can be somewhat slower than the other VPN protocols, but you shouldn't notice much of a speed difference unless you are using a slow connection.

The two other protocols that you will see a lot are PPTP and L2TP.  Both of these are known to be vulnerable, which is why most security experts recommend that you use OpenVPN.  L2TP tends to use the IPSec authentication suite, while PPTP uses the relatively insecure MS-CHAP v2.

What is an RSA Handshake?

In VPN terms, a handshake is a digital signature algorithm which identifies TLS/SSL certificates.  Sometimes it is also called certificate encryption or key encryption.  Handshakes are used to establish secure connections.

The RSA handshake is the most common form used by OpenVPN.  It is an asymmetric public key cryptosystem.  This means that the data is encrypted by a public key, but decrypted by a private one.

These days, RSA-2048 is the minimum that is considered secure.  Any good VPN provider will offer this.  RSA-1024 was considered adequate until 2010, when it was shown that it could be cracked.  If you want even stronger security, there is also 3072-bit and 4096-bit RSA encryption.

There are other handshakes that also have their advantages and disadvantages.  Sometimes OpenVPN uses the Diffie-Hellman cryptographic key exchange.  There is also the newer and less vulnerable Elliptic Curve Diffie-Hellman.

What is Hash Authentication?

Hash authentication makes a special signature that authenticates SSL connections.  It is sometimes called Hash Message Authentication Code (HMAC) or data authentication.  There are several different Secure Hash Algorithms (SHA) in use at the moment.

They are all cryptographic hash functions that OpenVPN and other SSL-based software use to authenticate SSL connections.

SHAs make unique signatures of SSL certificates that are checked by OpenVPN clients.  It can be detected if the certificate is even slightly changed.  This will cause the connection to be rejected.

SHA-1 is still used regularly even though it has been shown to be compromised.  At the moment, its use is questionable, but it should generally be able to provide security.  The industry is moving towards SHA-3 to avoid any of the potential problems that come with SHA-1.

OpenVPN currently supports SHA-1 and SHA-2, but not SHA-3.  While this may seem like it presents security vulnerabilities, OpenVPN uses HMAC SHA-1, which is much more secure than other SHA-1 hashes.  This is because HMAC would need to be broken before any collisions were possible.
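
To make the difference between a bare SHA-1 hash and HMAC SHA-1 concrete, here is an added example (not code from OpenVPN or from this article) using Python's standard library.  The key and packet contents are constructed sample values; a real tunnel agrees on its HMAC key during the handshake.

```python
import hashlib
import hmac

# Constructed sample values for illustration only.
KEY = b"constructed-demo-hmac-key"
PACKET = b"seq=41;payload=hello from the client"
ALTERED = b"seq=41;payload=hello from someone else"


def bare_sha1(data: bytes) -> bytes:
    """Unkeyed SHA-1: whoever alters the data can simply recompute it."""
    return hashlib.sha1(data).digest()


def hmac_sha1(key: bytes, data: bytes) -> bytes:
    """Keyed tag: producing a valid one requires the shared secret."""
    return hmac.new(key, data, hashlib.sha1).digest()


def accept_bare(data: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(bare_sha1(data), digest)


def accept_hmac(key: bytes, data: bytes, tag: bytes) -> bool:
    # compare_digest is constant-time, so the check leaks no timing hints.
    return hmac.compare_digest(hmac_sha1(key, data), tag)


def demo() -> dict:
    genuine_tag = hmac_sha1(KEY, PACKET)
    # Without KEY, a party on the path can still re-hash altered data...
    recomputed_digest = bare_sha1(ALTERED)
    # ...but a tag made under any other key will not verify.
    wrong_key_tag = hmac_sha1(b"not-the-shared-key", ALTERED)
    return {
        "genuine_hmac": accept_hmac(KEY, PACKET, genuine_tag),
        "altered_with_rehashed_sha1": accept_bare(ALTERED, recomputed_digest),
        "altered_with_wrong_key_tag": accept_hmac(KEY, ALTERED, wrong_key_tag),
        "altered_with_reused_tag": accept_hmac(KEY, ALTERED, genuine_tag),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {'accepted' if accepted else 'rejected'}")
```

The bare hash accepts the altered packet because nothing secret goes into it, while both HMAC checks on altered data are rejected.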

What are OpenVPN Ciphers?

Ciphers are used to actually encrypt your data.  OpenVPN uses the 128-bit Blowfish cipher.  It is generally considered secure, but there is also a push to move towards Twofish instead.  Other options include the various AES ciphers such as AES-128, AES-192 and AES-256.

All of the AES ciphers are considered secure, but it is recommended that you use AES-256 if you have serious security concerns.
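
If your provider gives you an OpenVPN config file, you can check which cipher and hash it asks for.  The script below is an added example (not part of OpenVPN or any provider's tooling) that reads the `cipher` and `auth` directives and compares them with the recommendations above.  The sample configs and the hostname are constructed, and the fallback values assume the Blowfish and SHA-1 defaults this article describes; newer OpenVPN releases may differ.

```python
# Assumed defaults when a directive is missing (per this article).
DEFAULTS = {"cipher": "BF-CBC", "auth": "SHA1"}
SHA2_DIGESTS = {"SHA224", "SHA256", "SHA384", "SHA512"}

# Constructed sample configs for illustration.
SAMPLE_DEFAULTS = """\
# constructed sample client config
client
proto udp
remote vpn.example.com 1194
auth SHA1
"""

SAMPLE_AES256 = """\
; constructed sample client config
client
remote vpn.example.com 1194
cipher AES-256-CBC
auth SHA256
"""


def parse_directives(text: str) -> dict:
    """Return the effective cipher/auth settings, falling back to DEFAULTS."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):  # comment or blank line
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] in DEFAULTS:
            settings[parts[0]] = parts[1].upper()
    return settings


def audit(text: str) -> list:
    """List settings that fall short of AES-256 and a SHA-2 digest."""
    settings = parse_directives(text)
    findings = []
    if not settings["cipher"].startswith("AES-256"):
        findings.append(f"cipher {settings['cipher']}: AES-256 is recommended "
                        "for serious security concerns")
    if settings["auth"].replace("-", "") not in SHA2_DIGESTS:
        findings.append(f"auth {settings['auth']}: OpenVPN also supports SHA-2")
    return findings
```

Calling `audit(SAMPLE_DEFAULTS)` reports both the implied Blowfish cipher and the SHA-1 digest, while `audit(SAMPLE_AES256)` returns an empty list.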

What is Cipher Block Chaining (CBC)?

This is the mode of operation for the block cipher.  Although it can be confusing to explain it in detail because of all of the technicalities involved (I'm sure you aren't interested in a novel-length article about it), you can get by without understanding it too much.  This is because CBC is the only block cipher mode that is being offered by VPN providers.

It is thought that there could be some vulnerabilities in CBC, but at this stage it is very unlikely that it has been broken.  You don't really have any other viable options anyway, so it's not worth getting too stressed about the technicalities of CBC.

VPN Terms are Complicated

They definitely can be, but that's because the mechanics behind how VPNs function are also incredibly complex.  The good news for the user is that they don't need anything more than a basic understanding of the terms and the concepts behind them.

If you don't want to even go that far, you are fine to just follow our reviews and trust the security recommendations that we make.

We generally prefer ExpressVPN, because it's a great all around VPN that combines excellent speeds, a whole lot of servers and good security.
