
Everything you wanted to know about VPN encryption but were too overwhelmed by the techie jargon to ask


They say that a VPN is only as good as its encryption capabilities, but encryption in itself is not the simplest of topics. The terminology used to determine how secure a VPN connection is can get very confusing, very quickly. Slapdash to the point of being misleading, many VPN providers describe the encryption they use in a telegraphic manner or, worse, they don't describe it at all.
Eavesdroppers are kept away when you use a VPN app that encrypts your data and cloaks your IP address, and it's important to know how secure your VPN really is, which you can do simply by becoming acquainted with the jargon.
OPENVPN CIPHERS
Before getting familiar with security standards and encryption protocols, let's just focus on a pretty impressive feature for a VPN to have, the OpenVPN cipher AES (Advanced Encryption Standard) with 256-bit keys, also known as AES-256. This security standard is basically the same encryption standard adopted by the U.S. government and used by security experts worldwide to protect classified information.
Right below it we have AES-128, the OpenVPN cipher used by My IP.io, which remains secure as far as AES in general is regarded. The mathematics of 128-bit AES says that a supercomputer would need a billion billion years to crack it with a brute-force attack.
Pretty impressive, huh?
For the sake of the argument, it is worth mentioning that, given sufficient time, a brute-force attack is capable of cracking any known algorithm.
With this in mind, here's the actual math for the number of years it would take to crack 128-bit AES (notice the exponential increase depending on the key size!)

No. of years to crack AES with a 128-bit key (the keyspace of $2^{128} \approx 3.4 \times 10^{38}$ possible keys, divided by a supercomputer's rate of $10.51 \times 10^{12}$ keys per second, divided by the $31536000$ seconds in a year):

$$\frac{3.4 \times 10^{38}}{(10.51 \times 10^{12}) \times 31536000} = \frac{0.323 \times 10^{26}}{31536000} = 1.02 \times 10^{18} \text{ years} = \text{1 billion billion years}$$
Of course AES is not perfect, but hey! Math doesn't lie, and the fact that governments and businesses place a great deal of faith in the belief that AES is so secure that its key can never be broken, despite some of its inherent flaws, and that it has been a standard coined by the U.S. National Institute of Technology (NIST) since 2001, is no insignificant detail.
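To see the exponential effect of key size that the article points to, here is an added Go example (not code from the article or from My IP.io) that applies the same formula, total keyspace divided by keys tested per second and by seconds per year, using the article's figure of 10.51 x 10^12 keys per second; the 40-bit size is the weaker PPTP option the article lists further on, and the rate constant is an assumed input, not a measured one.

```go
package main

import (
	"fmt"
	"math"
)

// Figures from the article's worked calculation: a supercomputer testing
// 10.51 x 10^12 keys per second, and 31,536,000 seconds in a year.
const (
	KeysPerSecond  = 10.51e12
	SecondsPerYear = 31536000.0
)

// Keyspace returns the number of possible keys of the given bit length
// (2^128 is the 3.4 x 10^38 that appears in the article's formula).
func Keyspace(keyBits int) float64 {
	return math.Pow(2, float64(keyBits))
}

// YearsToBruteForce applies the article's formula: every key must be tried,
// so divide the keyspace by keys tested per second and by seconds per year.
func YearsToBruteForce(keyBits int, keysPerSecond float64) float64 {
	return Keyspace(keyBits) / keysPerSecond / SecondsPerYear
}

// GrowthFactor shows why key size matters exponentially: each added bit
// doubles the work, so going from 128 to 256 bits multiplies it by 2^128.
func GrowthFactor(fromBits, toBits int) float64 {
	return math.Pow(2, float64(toBits-fromBits))
}

func main() {
	// 40-bit is the weaker PPTP option the article lists; 128/192/256-bit
	// are the AES key sizes.
	for _, bits := range []int{40, 128, 192, 256} {
		years := YearsToBruteForce(bits, KeysPerSecond)
		fmt.Printf("%3d-bit key: %.3g years (%.3g seconds)\n",
			bits, years, years*SecondsPerYear)
	}
}
```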
A VPN is only as good as its encryption capabilities.

Wikipedia defines encryption as being the process of encoding data in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted.
For technical reasons, an encryption scheme usually uses a pseudo-random encryption
key generated by an algorithm. It is in principle possible to decrypt the message without
possessing the key, but, for a well-designed encryption scheme, large computational
resources and skill are required. An authorized recipient can easily decrypt the message
with the key provided by the originator to recipients, but not to unauthorized
interceptors.
Simply put, the statement above boils down to this: encrypted data can be decoded only by someone holding the right key.

An encryption key tells the computer what computations to perform on data in order to encrypt or decrypt the data.
There are two main encryption models:
- symmetric-key encryption, where the same key, shared among all users, is used to both encrypt and decrypt a message;
- public-key encryption, where each computer (or user) has a public-private key pair. The private key from one computer (or user) encrypts the message, while the other computer uses the corresponding public key to decrypt that message.
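An added Go example of the public-key model (not code from the article or from My IP.io): each peer generates its own key pair and publishes only the public half; the example encrypts with the recipient's public key and decrypts with the matching private key, which is how confidentiality is obtained in practice, and shows that a different private key is rejected. The peer names and the "session key" payload are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Peer is one computer in the public-key model: it keeps its private key
// to itself and hands only the public key to the other side.
type Peer struct {
	priv *rsa.PrivateKey
}

func NewPeer() (*Peer, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Peer{priv: priv}, nil
}

// PublicKey is the half that may be given to anyone.
func (p *Peer) PublicKey() *rsa.PublicKey { return &p.priv.PublicKey }

// EncryptFor seals a message with the recipient's public key (RSA-OAEP with
// SHA-256). Anyone holding that public key can produce such a ciphertext;
// only the recipient's private key can open it.
func EncryptFor(recipient *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
}

// Decrypt opens a message with this peer's private key. A ciphertext made for
// a different key pair fails the OAEP check and is rejected, not turned to garbage.
func (p *Peer) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, ct, nil)
}

func main() {
	server, _ := NewPeer()
	// Constructed payload; in a VPN this would typically be the symmetric
	// session key that then protects the tunnel traffic (an assumption here).
	ct, _ := EncryptFor(server.PublicKey(), []byte("session-key-bytes"))
	pt, err := server.Decrypt(ct)
	fmt.Printf("%s %v\n", pt, err)
}
```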

The Tunnel, a Matryoshka of files:


Essentially, when using a VPN app, data is encrypted at one end of the tunnel and decrypted at the other end. The tunnel itself is simply the path connecting two locations (flashback to a tunnel going under a mountain, where the mountain is the internet and the tunnel is the safe path through to the other side).
When it reaches the internet, each data file is broken into a series of packets to be sent and received by devices connected to the internet, as this is the de facto manner in which data travels online. In this context, tunneling is the process of placing an entire packet within another packet (yeah! just like a Russian nesting doll, a Matryoshka of files) before it is sent over the internet. That outer packet protects the inner packets and ensures that the cargo moves within the virtual tunnel.

ENCRYPTION PROTOCOLS
The tunnel itself is not encrypted, although encryption can be added to it, and a VPN needs more than just a pair of keys in order to apply that encryption. This is where protocols come in.
IPSec or Internet Protocol Security is a widely used protocol for securing traffic on IP
networks, including the Internet. IPSec can encrypt data between various devices,
including router to router, firewall to router, desktop to router, and desktop to server.
In a nutshell, "IPsec provides mechanism, not policy: rather than define such-and-such encryption algorithm or a certain authentication function, it provides a framework that allows an implementation to provide nearly anything that both ends agree upon" (source: Friedl).
IPSec consists of two sub-protocols which provide the instructions a VPN needs to secure its packets:
- Encapsulated Security Payload (ESP) encrypts the packet's payload (the data it's transporting) with a symmetric key.
- Authentication Header (AH) uses a hashing operation on the packet header to help hide certain packet information (like the sender's identity) until it reaches its destination.
VPNs use IPSec in tunnel mode with IPSec ESP and IPSec AH working together.
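As an added example (not code from the article or from My IP.io), here is a minimal ESP-style tunnel in Go that ties together the symmetric-key model, the nesting-doll idea and what ESP does in tunnel mode: the whole inner packet is placed inside an outer packet whose header (SPI and sequence number) stays readable for routing, while the nested packet is encrypted and authenticated with a shared AES-256-GCM key, and the receiver drops replayed or tampered packets. The key, SPI and inner packet are constructed values, the framing is a simplified stand-in rather than the real ESP wire format, and one key per direction is assumed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// Tunnel: one direction of an ESP-style association (one AES-256-GCM key per
// direction), its SPI, and seq = last sequence number sent or accepted.
type Tunnel struct {
	aead     cipher.AEAD
	spi, seq uint32
}

func NewTunnel(key []byte, spi uint32) (*Tunnel, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Tunnel{aead: aead, spi: spi}, err
}

// nonce derives the 12-byte GCM nonce from the 8-byte header, so it never
// repeats as long as the key is replaced before the sequence number wraps.
func nonce(hdr []byte) []byte { return append(make([]byte, 4), hdr...) }
// Encapsulate nests the whole inner packet inside an outer one: header(SPI, seq)
// || sealed inner packet. The header stays readable for routing; the inner does not.
func (t *Tunnel) Encapsulate(inner []byte) []byte {
	t.seq++
	hdr := make([]byte, 8, 8+len(inner)+t.aead.Overhead())
	binary.BigEndian.PutUint32(hdr[0:4], t.spi)
	binary.BigEndian.PutUint32(hdr[4:8], t.seq)
	return t.aead.Seal(hdr, nonce(hdr), inner, hdr) // header is authenticated too
}
// Decapsulate rejects short, foreign-SPI and replayed packets, then opens the
// inner packet; any tampering with header or body fails the GCM tag.
func (t *Tunnel) Decapsulate(outer []byte) ([]byte, error) {
	if len(outer) < 8+t.aead.Overhead() || binary.BigEndian.Uint32(outer[:4]) != t.spi {
		return nil, errors.New("malformed outer packet or unknown SPI")
	}
	seq := binary.BigEndian.Uint32(outer[4:8])
	if seq <= t.seq {
		return nil, errors.New("replayed or stale sequence number")
	}
	inner, err := t.aead.Open(nil, nonce(outer[:8]), outer[8:], outer[:8])
	if err == nil {
		t.seq = seq // advance only after the packet is verified
	}
	return inner, err
}
```

A sender and a receiver each hold their own Tunnel with the same key and SPI; the receiver's counter only moves forward on packets that pass the tag check.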
In a remote-access VPN, tunneling typically relies on the Point-to-Point Protocol (PPP). However, when trying to determine the VPN app of choice for you, you might meet one of these three protocols based on PPP:

- L2F (Layer 2 Forwarding) -- Developed by Cisco; uses any authentication scheme supported by PPP;
- PPTP (Point-to-Point Tunneling Protocol) -- Supports 40-bit and 128-bit encryption and any authentication scheme supported by PPP;
- L2TP (Layer 2 Tunneling Protocol) -- Combines features of PPTP and L2F and fully supports IPSec; also applicable in site-to-site VPNs.

Secure Shell (SSH)


SSH, also known as Secure Socket Shell, is a network protocol that provides administrators with a secure way to access a remote computer. SSH also refers to the suite of three utilities that implement the protocol (slogin, ssh and scp), which are secure versions of the earlier UNIX utilities rlogin, rsh and rcp.
Secure Shell provides strong authentication and secure encrypted data communications between two computers connecting over an insecure network such as the Internet. SSH is widely used by network administrators for managing systems and applications remotely, allowing them to log in to another computer over a network, execute commands and move files from one computer to another.
At its core, Secure Shell (SSH) is a UNIX-based command interface and protocol for securely getting access to a remote computer. SSH allows you to connect to your server securely and perform Linux command-line operations.
SSH commands are encrypted and secure in several ways. Both ends of the client/server
connection are authenticated using a digital certificate, and passwords are protected by
being encrypted.
My IP.io comes bundled with a variety of VPN encryption protocols, supporting all the latest security protocols, including SSTP, PPTP, IPSec and L2TP, and the 128-bit AES OpenVPN cipher.
When you use the My IP.io app, you can easily switch between protocols, although it's recommended that you stick with the default protocol.
Sources:
Howstuffworks.com
Unixwiz.net
