Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.
VPN Encryption: AES, RSA & SHA

By Leo S. — Verified by Sander D. — Last updated: July 24, 2024

If you have ever ventured into the wonderful world of VPNs then you probably noticed all the fuss they make about encryption, boasting terms such as AES, RSA, SHA, 128-bit or 256-bit. Before you buy into any service just because they advertise big numbers, you should know that encryption is strongly tied to your choice of protocol. This is a rather complicated subject: there are many variables, which can get very confusing, very quickly. From data encryption to handshake encryptions and data authentication, these need to be taken into account in order to achieve a connection that is both fast and secure. If you want your VPN to be perfectly tuned to face the many waves of privacy attacks on the internet, then knowing all about these different VPN encryption types could be the secret to success.

VPN encryption types

AES: data encryption

AES, which stands for Advanced Encryption Standard, is the most popular encryption type worldwide and has been adopted by the U.S. government since 2002. It was first called Rijndael and it supports three key lengths: 128, 192 (far less common) and 256 bits. The key size determines the number of transformation rounds that convert the input (called plaintext) into the final output (or ciphertext): 10 rounds for 128-bit keys, 12 for 192-bit keys and 14 for 256-bit keys. In a nutshell, the stronger the protection, the slower your connection will be, much as with the choice of protocol. In general, 128-bit is safe enough since even the NSA couldn’t break it through brute force, but 256-bit offers even more protection with hardly any extra speed loss. The most common default combination you’ll see is AES with OpenVPN or, in other words, the best match between speed and safety.

RSA: handshake encryption

This is the encryption used to establish a strong connection and avoid ending up on an attacker’s server. In other words, it securely negotiates a VPN connection. In such a cryptosystem the encryption key is public, while the decryption key is kept secret. RSA takes its name from the initial letters of the surnames of its inventors: Ron Rivest, Adi Shamir and Leonard Adleman designed the system in 1977 as an encryption and digital signature algorithm, which is used to identify TLS/SSL certificates and is divided into three main key encryptions. RSA-1024 was cracked by the NSA in 2010, which ultimately led to the internet adopting an upgrade of the SSL certificates to RSA-2048. This one is considered quite secure and is now the usual default for the majority of VPN providers, although there are cases where you can opt for the stronger RSA-3072 or even RSA-4096 encryptions.

SHA: data authentication

Secure Hash Algorithm (SHA) is a cryptographic hash function that works as the message authentication algorithm with which all of your data is authenticated on SSL connections (including OpenVPN connections); its sole purpose is to protect you from active attacks. Simply put, SHA creates a unique fingerprint of a valid SSL certificate that can be authenticated by any OpenVPN client. If that certificate is interfered with in the slightest, the change is detected and the connection is immediately refused. The most commonly used version of SHA is SHA-1 (160-bit), which also provides the fastest connection.

However, SHA-1 has been broken, a fact that led companies like Microsoft, Mozilla and Google to announce that their respective browsers would no longer accept this kind of SSL certificate as of 2017. Even so, if you have packet authentication enabled, the use of HMAC (Hashed Message Authentication Code) SHA-1 for OpenVPN is still safe: this is much less vulnerable than the standard SHA-1 hashes, since someone would need to break HMAC in the first place and then start brute force collision attempts against the hash itself. Still, we recommend opting for the newer version, SHA-2, if available.
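To make the difference between a bare hash and HMAC packet authentication concrete, here is an added example (not code from this article or from OpenVPN). The function names, the sample payloads and the "payload plus tag" packet layout are assumptions made for illustration and are not OpenVPN's wire format.

```python
import hashlib
import hmac
import os
from typing import Optional

def seal_plain(payload: bytes) -> bytes:
    """Append an unkeyed SHA-256 digest (catches accidental corruption only)."""
    return payload + hashlib.sha256(payload).digest()

def open_plain(packet: bytes) -> Optional[bytes]:
    payload, tag = packet[:-32], packet[-32:]
    ok = hmac.compare_digest(hashlib.sha256(payload).digest(), tag)
    return payload if ok else None

def seal_hmac(key: bytes, payload: bytes, digest: str = "sha256") -> bytes:
    """Append an HMAC tag computed with the shared secret key."""
    return payload + hmac.new(key, payload, digest).digest()

def open_hmac(key: bytes, packet: bytes, digest: str = "sha256") -> Optional[bytes]:
    size = hashlib.new(digest).digest_size      # 20 for sha1, 32 for sha256
    if len(packet) < size:
        return None                             # too short to carry a tag
    payload, tag = packet[:-size], packet[-size:]
    expected = hmac.new(key, payload, digest).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return payload if hmac.compare_digest(expected, tag) else None

def demo() -> dict:
    key = os.urandom(32)                        # constructed session key
    original = b"GET /account HTTP/1.1"         # constructed sample payload
    altered = b"GET /logout  HTTP/1.1"          # same payload changed in transit

    # Without the key, a modified payload can only carry an unkeyed digest.
    forged = altered + hashlib.sha256(altered).digest()
    return {
        "plain_accepts_modified": open_plain(forged) == altered,
        "hmac_accepts_genuine": open_hmac(key, seal_hmac(key, original)) == original,
        "hmac_rejects_modified": open_hmac(key, forged) is None,
        "hmac_rejects_bitflip": open_hmac(
            key, b"X" + seal_hmac(key, original)[1:]) is None,
        "sha1_tag_bytes": len(seal_hmac(key, b"", "sha1")),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The unkeyed digest verifies for any payload whose digest has been recomputed, while the HMAC tag only verifies for someone holding the key, which is why packet authentication depends on the key and not only on the hash function.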

Recommended VPNs with strong encryption

NordVPN

  • Intuitive multiplatform apps
  • Double VPN and P2P support
  • Plenty of security features
  • Large VPN network with consistent speeds
  • Trustworthy no-log policy
  • Limited VPN protocols options
Starting price: $3.99/mo

Private Internet Access

  • Unlimited devices
  • DNS leak protection
  • Suitable for all users
  • Completely customizable
  • Attractive pricing
  • Slow servers
  • Lack of a free version
Starting price: $2.19/mo

ExpressVPN

  • Extensive device support
  • Exceptional speed
  • Intuitive apps
  • Convenient extras
  • 7-day free trial for mobile devices
  • Higher prices than competitors
  • Only 8 simultaneous connections
  • No multi-hop
Starting price: $6.67/mo