Encryption Strength: 128bit, 1024bit, 2048bit, 4096bit … so what ?

VPN In-depth Add comments

There is a lot of misunderstanding and misrepresentation regarding encryption strength and how most VPN providers talk about it. In fact, we would say that most of them don't have any idea what they are talking about, or if they have, they try to fool possible users in believing that they are more secure than other VPN services …

Let's see some examples from live VPN sites :

vpn strength, vpn security, vpn encryption level, vpn bit, vpn 1024bit, vpn 2048bitvpn strength, vpn security, vpn encryption, vpn encryption level

What does 2048 bit Encrypted connection mean ? And what about 128-2048bit security ? Let's try to clarify it as simply as possible….which in itself is challenging when discussing encryption! :D. We will do our best.

Firstly, encryption strength is related to a type of service. So we have to know if we are talking about PPTP or L2TP or OpenVPN or SSH. Once we know the type of service that we are talking about, we can better assess the information that the VPN provider gives to us related to its strength.

PPTP

So focusing first on PPTP…. it can (and should) offer a maximum strength of 128 bits. Encryption using PPTP is provided by the use of Microsoft Point-to-Point Encryption (MPPE) protocol that can just handle 40-bit, 56-bit and 128-bit session keys. So when talking about PPTP, don't be fooled: 128 bits is the maximum strength that you can expect.

Anyhow, security wise, the biggest problem with PPTP is not related to the length of its key (there are other protocols very secure with similar key lengths), but to its underlying implementation that has several flaws. You can read more here.

OPENVPN

Although OpenVPN can be configured in several ways, let's focus on the most typical one found in many VPN providers.

In this typical configuration, first the peers taking part in the communication (you and the VPN server to which you are trying to connect) will authenticate to each other. Once this has been done and the VPN tunnel is established, the proper flow of encrypted data from and to your computer will begin.

The authentication process will usually take place using Public-Key Cryptography and/or username and password. When you read about 2048 bit keys, or 4096 bit keys or something like this, you are reading about the key used during the authentication phase of the communication.

But once authentication has happened and because Public-Key algorithms are really slow, OpenVPN will switch to Symmetric Cryptography to actually encrypt the data that is sent between you and the VPN server. This encryption will take place using a given type of symmetric algorithm (AES, Blowfish, Twofish …) and with a given key length (128bit, 192bit, 256bit, 448bit …).

Most probably this last key length is the one you would worry more about along with the type of algorithm that the VPN provider is using. As you can see none of these symmetric key lengths get anywhere close to those 2048bit ot 4096bit keys that some VPN providers boast.

Having longer symmetric keys will increase security at a performance cost (more or less depending on the algorithm selected). All depends on how paranoid we are and the options that the VPN service provider gives to us.

Hope we have clarified things a bit


Get Your VPN NOW!

10 Responses to “Encryption Strength: 128bit, 1024bit, 2048bit, 4096bit … so what ?”

  1. Taghi Gheisari Says:

    Thank you very much for your very helpful explanation.

  2. John Tacchini Says:

    Extremely clear and helpful, could you suggest any consultant to choose the best solution for the specific? Thanks!! JT

  3. Peter Males Says:

    Thanks a lot… very helpful explanation. You brought some light into the darkness…
    all the best
    Peter

  4. Blog TUVPN.COM - VPN Performance Tests For Different Ciphers and Key Strengths Says:

    […] Up to here we have just been playing with cipher and key length. So we have strengthened the data channel of the VPN. […]

  5. Blog TUVPN.COM - China VPN Promotion Says:

    […] You can also read more about OpenVPN encryption in one of our blog posts HERE. […]

  6. Blog TUVPN.COM - Oferta TUVPN: ¡VPN para China! Says:

    […] También puedes leer más acerca del cifrado de OpenVPN en uno de nuestros artículos, AQUÍ. […]

  7. Blog TUVPN.COM - China VPN Promotion! Says:

    […] You can also read more about OpenVPN encryption in one of our blog posts HERE. […]

  8. Blog TUVPN.COM - PPTP vs L2TP/IPSec Says:

    […] The main drawback of PPTP versus L2TP/IPSec is the encryption strength (for a good introduction to what it is encryption strength and why you care, check this). […]

  9. Irvin Says:

    Thanks alot, this helped a whole lot…If you would recommend a VPN service,which will you suggest ?? Thanks and God bless.

  10. Jerry Says:

    This design is wicked! You obviously know how
    to keep a reader amused. Between your wit and your
    videos, I was almost moved to start my own blog (well, almost.
    ..HaHa!) Fantastic job. I really loved what you had
    to say, and more than that, how you presented it. Too cool!

Leave a Reply

Get Your VPN NOW!

©2011 TUVPN.COM. All rights reserved.