Data Encryption and Personal VPN Safety


Alvin Bryan

Alvin Bryan is a freelance writer and online privacy enthusiast currently contributing quality tips and troubleshooting on personal VPN services, and online privacy and security news. You can also find him on Google+.

Keeping information private was the whole idea behind the VPN when it was first conceived. Now that individuals are using personal VPNs as an added security measure, the question is: do they really keep you safe? Not all VPNs are alike, so what needs to be evaluated are the tunneling protocols used and the authentication and data encryption that go along with them.

Point-to-Point Tunneling Protocol (PPTP) is the oldest, and has the most limited security. Data Encryption Standard (DES) and 3DES (Triple DES) with their 56-bit key have improved to 128-bit RC4 encryption, but can still be broken without using a brute force attack. It uses the Extensible Authentication Protocol, which has many weaknesses, and only the PPP payload is encrypted.

Layer 2 Tunneling Protocol (L2TP) has weak encryption, so it has been combined with Internet Protocol security (IPSec). L2TP/IPSec has 256-bit data encryption, which is big enough that the key can stand up against brute force attacks, but it slows down processing. It uses Advanced Encryption Standard (AES), only breakable through brute force attack. L2TP authentication is weak, but IPSec uses key certificates to identify the computer on the other end. The two layers wrap the PPP frame in an L2TP header and a UDP header, and again in IPSec ESP and Authentication.

Secure Socket Tunneling Protocol (SSTP) uses HTTPS. HTTPS, which is HTTP over SSL, ensures that the data can get through firewalls and proxies without a hitch. SSTP uses 2048-bit data encryption and encapsulates the PPP frame with IP datagrams only. There is no known computer with the processing speed required to crack 2048 bits, but the processing time is very slow, making it impractical for most common file transfers like bank transactions.

SSL is an additional layer for authentication, creating an encrypted channel that does not allow any data to be sent unless it has been authenticated. It gives the highest level of key negotiation and transfer security, but a low encryption overhead. This means that the key used to decode the cypher is well-protected, and there is very little chance that any data can leak through the tunnel during the transfer, but the encryption is vulnerable to a brute force attack. SSL authentication certificates so far give the best guarantee of correct identification, and the connection is secured from before the tunnel is opened to the point the transfer is complete.

Since each of these protocols has its weakness, a combination is the logical choice for the best security. An SSL-based SSTP provides the benefits of the highest data encryption and authentication levels without the problem of slow processing. OpenVPN is an SSL-based protocol designed to work faster but maintain the highest security. OpenSSL encryption provides the benefits of SSL authentication, key negotiation and transfer security, with 160-bit data encryption for speed, which works well against brute force attack in combination with the other features.

ExpressVPN offers OpenVPN by default, remaining secure and reliable even over great distances, and on unsecured, open public Wi-Fi hotspots. Visit the ExpressVPN website to learn more about how OpenVPN is the safe personal VPN.