Ok, I’ll admit it. I, Jack the III, had a character-affirming moment.
You see, it came to my attention that there’s still wise guys around who don’t believe in the power of a VPN. Have I failed in my mission to bring privacy to all, I wondered, munching over a sugar cube I found stuck in my sofa… when I realized that I’ve never taken the time to explain to you exactly how a VPN works. So of course you can’t be fully convinced!
If you don’t know how a VPN works, then how can you possibly understand why they’re so great? Lucky for you I spent the night idiot-proofing this guide to encryption for you.
(At least, I tried. I’m a cartoon donkey, not a miracle worker.)
What is VPN encryption?
When I said idiot-proof, I meant it.
“Encryption” is just a smarter way of saying “scramble”. When you encrypt data, you’re mostly just turning it into an unintelligible mush before sending it out onto the web. Unintelligible mush isn’t very useful, though, so the data is unscrambled when it reaches its destination so it can be read by the intended recipients. That’s the long and short of how VPNs work, but I’m being told I can’t go home yet, so I guess we’re gonna get into the nitty-gritty here.
Let’s say you’re at the airport and you missed your flight because you were too busy chugging some Starbucks. Because you lack a sense of self-responsibility, you decide to connect to the open Wi-Fi so you can complain on the airport’s Facebook page. But if you forgot to turn on your VPN before doing that, anyone else on that network could track what you’re doing and what you’re typing, which will probably include your terrible Facebook password, and a search for how to get a jenny to notice you (I’m not ashamed — donkeys have needs too).
Let’s take this hypothetical one step further and say you also decide to book your next flight on your phone because you’re allergic to social interaction. Well, congratulations: now some jerk can see all that information too, including your credit card details. Basically, you can think of public Wi-Fi like a nude beach: you’re welcome to visit, but if you do, you gotta strip down and show off all your ugly knobby bits to everyone else there. Unless you use a VPN, which lets you cover your shameful body, all while enjoying the sun and the surf.
Common VPN terms
So enough introductions. You know that VPNs keep you safe, but now let’s talk about how. I can’t promise it’ll be fun, but I can promise it’ll make you feel smarter by the time you’re done reading it.
- VPN protocol — the framework your VPN provider uses to transfer data and encrypt it. Most VPNs offer several protocols, with the most popular ones being PPTP, OpenVPN, L2TP/IPSec, and IKEv2/IPSec. Here’s an article explaining more about VPN protocols than you ever wanted to know.
- VPN encryption key — a super-strong password used to encrypt and decrypt data, known only by your PC/device and the VPN server. Key length is measured in bits (binary code made up of 1s and 0s) and can come in several different sizes, but remember: just like your first girlfriend may have told you, bigger doesn’t always mean better (ouch).
- Encryption algorithm or cipher — the specific encryption method used by your VPN provider. Some algorithms are more secure but they slow you down; others are fast but not as secure. Some, like HMA!’s, are perfect. And if you can’t trust a mascot’s subjective opinion, what can you trust?
How does VPN encryption work?
As I said before, a VPN will encrypt your data, which will then be decrypted by the person you’re sending it to. This is called “end-to-end encryption”, because computer nerds are bad at naming things. A lot of times we describe a VPN as a “tunnel”, but since we’re being all technical it’s more like a magic blender. A VPN jumbles up your data, delivers that hot mess to whoever you’re trying to reach, and they then use the magic blender to un-jumble that messy data into something comprehensible again.
Wanna see what an encrypted message looks like? Head to any online encryption website. I used encode-decode.com to generate some weird gibberish using AES-256. Here’s what I got:
Using software that applies an encryption algorithm, unencrypted data (or plain text) is turned into humanly-unreadable ciphertext. At the same time, the software generates a long string of numbers which acts as a unique key to decrypt your data. When you use a VPN, only the people you’re trying to connect to have that key. Which means they can read it, while everyone else is SOL.
Feeling confused? Sucks for you, because it only gets worse from here.
VPN encryption keys
Oh boy, let’s whip out another metaphor.
Let’s pretend you left your window open and a cat gets into your house. First of all, congratulations on finally getting some tail in your life. Second, your home alarm system goes crazy because it knows it’s not supposed to be there. Having an alarm blaring in your ear is kind of annoying, but sadly, you forgot the PIN number for turning it off. Thankfully, your mom remembers, so after promising you’ll finally take her to the doctor to get that thing removed, she gives you the PIN and the alarm is turned off. Crisis averted.
Now, most PINs are just four numbers long. Let’s pretend for a second they were a bit longer, like, 256 numbers. Now let’s pretend you’re not a fallible human, but a perfect unfeeling machine. While we’re at it, let’s pretend it wasn’t a cat that got into your house, but a packet of encrypted data. And finally, let’s say your mom is actually the person who sent you that package. Ta-da, that’s how encryption keys work.
VPNs commonly use 128 or 256-bit keys. With these, there are 2¹²⁸ or 2²⁵⁶ possible combinations, which means trying to guess the key is a wee bit impractical. Of course, the longer the encryption key, the harder it is to crack, but that also means that it takes longer for a computer to unlock it, even if it knows the right combination. Case in point: some algorithms support 2048 or 4096-bit keys — that’s a befuddling 2⁴⁰⁹⁶ possible combinations. These keys are so long (and the files so large) that they’ll make your computer want to quit its job and go to the same farm upstate where all my ‘retired’ relatives have gone.
Which is the best VPN encryption algorithm?
Encryption algorithms can be split into two categories:
- Symmetric encryption is when both you and the receiver share the same encryption key, which needs to be sent from one side to the other to help decode the data. But then everyone could see what that code is, so it’s less “secure” and more “inconvenient”.
- Asymmetric encryption tries to solve this security conundrum by giving both you and the receiver two separate keys: a public one to encrypt the data, and a private one to decrypt it. There’s no need to share your private codes with anyone. Ever. You use the recipient’s public key to encrypt the data, and they can only decipher it with their own private key.
AES (Advanced Encryption Standard) and Blowfish are popular symmetric algorithms, typically used with 128 or 256-bit keys. While they’re technically not unhackable, they’re fast and lightweight, making them perfect for people who aren’t sending launch codes or Game of Thrones spoilers. On the other hoof, asymmetric encryption (such as RSA) is slower, but far more secure, using 2048 or 4096-bit keys. But you aren’t stuck with just one or the other: you can get the best of both worlds using asymmetric encryption at the beginning, then switching to shorter symmetric keys.
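Here’s that “asymmetric at the start, symmetric for the heavy lifting” idea as an added Go example (my own illustration, not HMA!’s code or any real VPN protocol’s handshake): a fresh random AES-256 key scrambles the actual data with AES-GCM, RSA-OAEP wraps only that small key for the recipient, and the recipient unwraps it and decrypts. The names Seal and Open and the nonce||ciphertext||tag wire layout are my assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Seal encrypts plaintext with a fresh random 256-bit AES key (symmetric, fast),
// then wraps only that key with the recipient's RSA public key (asymmetric, slow,
// done once). Nothing secret ever has to be pre-shared between the two sides.
func Seal(pub *rsa.PublicKey, plaintext []byte) (wrappedKey, blob []byte, err error) {
	buf := make([]byte, 32+12) // 256-bit AES key followed by a 96-bit GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	key, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(key) // a 32-byte key is always a valid AES-256 key
	gcm, _ := cipher.NewGCM(block) // cannot fail for AES's 16-byte block size
	wrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, nil, err
	}
	// The blob sent over the wire is nonce || ciphertext || GCM authentication tag.
	return wrappedKey, gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open unwraps the AES key with the RSA private key and decrypts the blob. The GCM
// tag turns any bit-flip in transit into an error instead of silently returning junk.
func Open(priv *rsa.PrivateKey, wrappedKey, blob []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrappedKey, nil)
	if err != nil {
		return nil, err // wrong private key or a tampered wrapped key
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err // a malicious sender wrapped a key of the wrong length
	}
	gcm, _ := cipher.NewGCM(block)
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short to contain a nonce")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}
```

Generate a recipient key with `rsa.GenerateKey(rand.Reader, 2048)`, pass `&priv.PublicKey` to Seal and `priv` to Open; flipping a single byte of the blob makes Open return an error rather than garbage.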
What is the most secure VPN encryption?
Here’s the thing: many services encrypt your data already — specifically using something called Transport Layer Security, or TLS. TLS uses symmetric cryptography to protect your data, and it’s easy to spot: websites that use it should start with “https://” instead of “http://”. TLS is good enough for dealing with phishers, outsiders, and other shizzle, but it’s a far cry from what you’d need to avoid being snooped on on public Wi-Fi… or to prevent third-party and government surveillance. That business is why you need end-to-end encryption.
End-to-end encryption is an implementation of the asymmetric algorithm, and as you might recall from earlier, it’s what VPNs use. Whatever you send using that can only be seen by you, and the person you sent it to. Not even Big Brother could glean what it is you sent, so if you’ve got any big November 5th plans, that’d be a great way to share ‘em with your pals.
But at the end of the day, AES is considered the safest and quickest way to encrypt your data, which is why HMA! uses it. And if this whole rundown wasn’t dull enough for you, check out this VPN protocol comparison to have all the advantages and disadvantages of VPN technologies laid out before you.
How can you tell what encryption a VPN uses?
Great question, Jim. Here’s the answer: just check. Head to your VPN’s website and do some research. Don’t just read the marketing stuff, check out the FAQs and support page, too. That’s where you find all the juicy, useful bits, even if it’s sort of lacking in what the kids call ‘sex appeal’.
As I mentioned earlier, HMA! uses AES 256-bit encryption, which has 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 possible combinations. And while I’ve been called something of an egomaniac, not even I think I could crack something like that, even if I had every supercomputer in the world in my basement. And if that level of protection sounds appealing, then buy it here. My trenchcoat collection ain’t gonna grow itself.
But frankly, I don’t care what VPN you use, as long as it doesn’t suck and it keeps you private. End of the day, that’s what matters most.