VPN encryption explained in adequate detail - Surfshark (2024)


VPN (Virtual Private Network) encryption is extreme math nerd stuff VPN protocols use to encrypt your data. And by “encrypt,” I mean turn it into gibberish nobody who intercepts the data can read. Of course, the explanation is more technical than that, but I wrote this article to be as simple as possible, so read on.


    Encryption simplified

    Encryption is the science of turning normal text into a ciphertext nobody can read. It dates back to ancient times (Julius Caesar knew something about it) and sometimes appears as breakfast cereal toys.

    You’ll need an encryption key if you want to encrypt or decrypt something. It’s the piece of information that tells you how to apply the cipher (or reverse it).

    For example, a simple ROT13 cipher replaces a letter with one that’s 13 letters behind it in the alphabet. If you know that a page full of gibberish you’re holding is a ciphertext encrypted with a ROT13 cipher, you can decrypt it by doing the necessary letter shifting. In this case, the encryption key would be “shift the letter 13 spaces in the alphabet.”

    Of course, we have computers these days, and computers are very good at brute-forcing ciphertext; they crack ROT13 instantly. That’s why leading encryption protocols use AES-256 (more on it later!).

    What types of encryption exist?

    Encryption is classified by how it uses its keys, and there are only two categories: symmetric and asymmetric.

    Symmetric key encryption

    Symmetric encryption is easy to explain. If Person A and Person B communicate via symmetric encryption, they use the same encryption key. ROT13 is an example of symmetric key encryption.

    The approach is simple, and the key can be as complex as you want; what matters is that both parties have the same key. But therein lies the problem: how does Person A safely transfer the key to Person B?

    It’s fairly easy for, say, old-timey intelligence agencies:

    1. Put the keys on a cipher pad;
    2. Chuck it into a suitcase;
    3. Lock it;
    4. Attach the suitcase to the wrist of a serious man via handcuffs;
    5. Put him on the next plane to Berlin.

    But what if you’re a VPN user who needs to make an encrypted connection to a VPN server? Here, asymmetric encryption can help.

    Asymmetric encryption

    Asymmetric encryption, or public key encryption, uses a pair of keys: one public, one private. The sender encrypts the data, and the recipient decrypts it. Because the keys are paired, data encrypted with the public key can only be decrypted with the matching private key.

    When you want to send an encrypted message, you can pull the recipient’s public key from a public directory and use it to encrypt the message before sending it. The recipient will only be able to decrypt the message using their related private key. Good job, double-oh-seven!

    These days, encryption protocols use both methods: they establish communication via asymmetric encryption and then use that secure channel to exchange the keys for symmetric encryption. The symmetric part is where AES-256 does its magic, so let’s talk about it now.

    All you need to know about the advanced encryption standard


    AES (Advanced Encryption Standard) is referred to as a block cipher because it splits the data into fixed-size blocks (128 bits each) and encrypts every block with the key. Both the blocks and the keys are measured in bits, and the key comes in three sizes: 128, 192, and 256 bits. Hence the name AES-256: it’s AES with a 256-bit key.

    The longer the encryption key, the longer it takes to crack it. And the longer it takes to crack, the more robust the encryption is. It would take billions of years for the fastest computer on Earth to brute force AES-256.

    AES-256 encryption is a widely utilized cryptographic standard because there are no known ways to decrypt a message encoded with it in a lifetime. It’s trusted by NordVPN and Surfshark, as well as most of the VPN industry.

    What does encryption do in a VPN?

    Encryption is what puts “private” in Virtual Private Network. Let me demonstrate with an example what happens when you try to use a VPN to access a geoblocked website:

    1. You send the request (by going to the website) to your VPN client (app, browser extension, etc.);
    2. The VPN client receives your requests and establishes an encrypted VPN tunnel to the VPN server, which it uses to send encrypted data;
    3. As the server forwards your request to the internet (the website you’re trying to access in this case), the data is decrypted;
    4. The website accepts the request and sends its response back to the server;
    5. The server then encrypts the data again and sends it to the VPN client;
    6. Finally, your VPN client decrypts and sends the data back to you.

    It’s a complicated process, but with the processing power of today’s devices, it happens in moments. Now, let’s explain just the encryption part of the protocol.

    How does VPN encryption work?

    Computer geeks have developed ways to create secure channels over the insecure internet. Here are four steps explaining how secure encryption is achieved over a VPN connection.

    Step 1: Asymmetric key exchange

    Firstly, you do a handshake — a VPN client and a VPN server start communicating by exchanging asymmetric keys.

    Two encryption keys get made: public and private. The public one only encrypts data and is sent to the other party. They then use your supplied public key to encrypt data so only you can decrypt it.

    Thus, secure communication is established over an open channel.

    Step 2: Symmetric key exchange

    Secondly, you do a symmetric key exchange. A new and unique key is created. It’s going to be used by an encryption algorithm to transfer the data.

    Every session gets a new and unique key. This is what gives you perfect forward secrecy.

    That means that even if a key from the previous step is compromised later, the data from past sessions stays secure, because each session was protected by its own key.

    If somebody wanted to see the data, they’d have to decrypt each session separately.

    Step 3: The encryption algorithm

    Thirdly, the encryption algorithm uses the symmetric key derived before.

    AES-256-GCM, which we mentioned earlier, is one of them. You now encrypt all your data with it.

    Step 4: Integrity algorithms

    Finally, integrity algorithms are utilized to check if anyone messed with the data in transit.

    Simply put, you run the information you’re sending through a mathematical hash function together with the shared key and attach the result. The receiving party recomputes the same function with its copy of the key; if the results match, the information hasn’t been interfered with.

    And that’s it! All of this might sound complex, but it doesn’t require your interaction at all. You click the “Connect” button, and the app puts the whole process to work.
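    The four steps above in miniature, as an added example written for this page (not the article’s or Surfshark’s code), using only Go’s standard library: an RSA-OAEP key wrap stands in for the asymmetric handshake of steps 1 and 2, a fresh random 256-bit key per session is the symmetric key, and AES-256-GCM covers steps 3 and 4 because GCM’s authentication tag is the integrity check. The sample request and the single flipped bit are constructed for the example; real VPN protocols use a Diffie-Hellman-style handshake rather than RSA key wrapping for the exchange.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func randomBytes(n int) []byte { // n bytes from the OS CSPRNG, for session keys and nonces
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}
func NewSession(key []byte) cipher.AEAD { // AES-256-GCM from the shared 32-byte session key
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only reachable with a key of the wrong length
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// Seal is steps 3 and 4 in one call: encrypt, then append a 16-byte authentication tag; the fresh 96-bit nonce is prepended.
func Seal(gcm cipher.AEAD, plaintext []byte) []byte {
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// Open verifies the tag before releasing any plaintext; a packet altered in transit (or sealed under another key) is an error.
func Open(gcm cipher.AEAD, packet []byte) ([]byte, error) {
	if n := gcm.NonceSize(); len(packet) >= n {
		return gcm.Open(nil, packet[:n], packet[n:], nil)
	}
	return nil, fmt.Errorf("packet too short: %d bytes", len(packet))
}

func main() {
	server, _ := rsa.GenerateKey(rand.Reader, 2048) // step 1: the server's asymmetric key pair
	clientKey := randomBytes(32)                    // step 2: fresh 256-bit session key, wrapped with the public key
	wrapped, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, &server.PublicKey, clientKey, nil)
	serverKey, _ := rsa.DecryptOAEP(sha256.New(), rand.Reader, server, wrapped, nil) // only the private key unwraps it
	packet := Seal(NewSession(clientKey), []byte("GET /video HTTP/1.1")) // constructed sample request
	packet[len(packet)-1] ^= 1                                           // one flipped bit, as if modified in transit
	fmt.Println(Open(NewSession(serverKey), packet))                     // authentication failure, no plaintext
}
```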

    What do VPN protocols have to do with encryption?

    A VPN protocol is a set of procedures outlining all the steps taken to create and maintain a VPN connection, including encryption. However, many VPN protocols aren’t as safe as you’d want them to be due to their obsolete encryption.

    Currently, AES-256 is employed by every reputable VPN protocol under the sun. One of the main reasons you should never, ever use PPTP is that it uses 128-bit encryption.

    Protocol     | Encryption | Use
    OpenVPN      | AES-256    | Everyday use; putting a VPN on routers
    IKEv2/IPsec  | AES-256    | Mobile devices, short-range connections, everyday use
    WireGuard    | ChaCha20   | The hottest new thing for everyday use
    SoftEther    | AES-256    | Everyday use
    PPTP         | 128-bit    | A tunneling protocol; no reason to use it outside ancient technology
    SSTP         | AES-256    | A Microsoft tunneling protocol; for connecting Windows devices
    L2TP/IPsec   | AES-256    | No reason to use it as IKEv2 is better in every way

    Surfshark VPN uses IKEv2/IPsec, OpenVPN, and WireGuard with the AES-256-GCM algorithm, a mode of AES-256 that also authenticates the data and is faster than plain AES-256 paired with a separate integrity check.

    How to check if your VPN is encrypted

    You can test VPN encryption with GlassWire or Wireshark. Both of these tools are free to download and use.

    Wireshark is more precise in testing VPN encryption because it checks individual data packets going in or out of your device. However, unless you’re very suspicious of the VPN you’re using, GlassWire should be enough.

    Test VPN encryption with GlassWire

    1. Download GlassWire and follow the installation process;
    2. Run the program;
    3. Connect to a VPN of your choice;
    4. Do something that generates traffic on the internet (watch a video or download a file);
    5. Select Usage;
    6. Go to the Apps menu on the left;
    7. Search for the VPN type you’re using (e.g., if you’re connected to OpenVPN, find OpenVPN Daemon) and click on it;
    8. Verify the traffic type.

    Now you can inspect if the VPN is routing traffic securely.

    Test VPN encryption with Wireshark

    1. Download Wireshark and follow the installation process;
    2. Run the program;
    3. Choose the network to capture: wired (Ethernet) or wireless (Wi-Fi), and click on it;
    4. Click on packets of data and inspect them.

    If the packets appear unreadable/gibberish and there’s nothing written in plain text, then it means your VPN is encrypted.

    An example of encrypted data: [screenshot of a captured packet with unreadable contents, not reproduced here]

    Why is encryption needed?

    VPNs establish secure and private communication tunnels between a device and the internet. The security part is achieved using encryption.

    For instance, if a hacker intercepts the data stream from your device, they can listen in on your conversations over VoIP (Voice over IP, like calls on Messenger), see you inputting your passwords, and even inject malicious data using a man-in-the-middle attack.

    A VPN encrypts that data. So even if a hacker intercepted it, the data would be unintelligible and therefore useless to them, which is what makes it secure. There’s another use for encryption.

    Because your data isn’t private

    I believe a person deserves privacy, and it should be up to you what you disclose to the rest of the world. Your mobile service provider sees what you scroll through; your internet service provider knows your browsing habits; the web pages you frequently visit know what you like.

    That’s because of how internet data traffic flows — it passes through your provider’s servers, and that’s how you access the internet. And that is fine as long as nobody uses your data against you or benefits from it.

    Of course, there are data protection laws, but encrypting your data is a surefire way of making it inaccessible to anyone but you and the intended recipient. As the saying goes, “Better safe than sorry,” so use a VPN.

    The takeaway: get a VPN with strong encryption

    VPN encryption is a complex and technical subject. However, I hope you found my explanations, metaphors, and simplifications easy to follow. If I did my job well enough, you should know much more about what a VPN is.

    What can you do with this information? Get a VPN with trustworthy encryption to boost your online privacy and security when streaming your favorite content online. May I suggest Surfshark?


    FAQ

    Are all VPNs encrypted?

    All VPNs should be encrypted; otherwise, they wouldn’t be private. On the other hand, free VPNs are shady and could be skipping out on encryption.

    Is VPN encryption end-to-end?

    No, the traffic is only encrypted between you and the VPN server. If the VPN server didn’t decrypt the data before forwarding it, the recipient couldn’t read it.

    Does a VPN encrypt all of your data?

    Yes, a VPN will encrypt all the data you send over the internet. More precisely, it encrypts all the data of the device it’s installed on: if it’s installed on a router, the VPN encrypts the data passing through the router; if it’s installed on a laptop, it encrypts the laptop’s data, and so on.

    What is the best VPN encryption?

    The best VPN encryption currently is AES-256 for OpenVPN and IKEv2, while ChaCha20 is best for WireGuard. So make sure to download a VPN that uses these encryption algorithms together with secure VPN protocols.


    Written by

    Antanas Rimeikis

    Just a guy bent on sharing his fascination with the cyberworld.


