Choosing a Secure VPN: Encryption Algorithm, Key Length, and Data Authentication.

MO
SzerzőkMaxim Orlov, Aleksei Morozov
Frissítve: 2026. február 14.
02 p

We continue to explore which indicators and how they affect the security of VPN. This is one of the most important articles in the series, where we will discuss the choice of encryption algorithm and key length, as well as methods of data authentication.

Encryption Algorithm

To understand what an encryption algorithm is, recall the story of Caesar. To encrypt his text, he used letter shifting – this is the encryption algorithm. Imagine that instead of shifting, he started using letter substitution with some symbols, and that would be a different algorithm.

OpenVPN offers two encryption algorithms: AES and Blowfish. Both of these algorithms have proven to be reliable, and if you are not a mathematician, there is no point in delving into their architecture.

In my solutions, I use AES. The manuals from OpenVPN Technologies recommend using Blowfish, as it is slightly faster than AES.

Key Length

Returning to Caesar's story; he and the senator have already created a unique session key by sending each other a total of 4096 messengers, and each of them reported some new change. However, it would be very inconvenient for them to make 4096 changes in the text, it is long and complicated, so they decide to transmit another simpler key through a securely encrypted channel (4096 changes), where there will only be 256 changes. This allows them to significantly speed up their correspondence, but if they had simply sent each other this key right away, it could have been intercepted by enemies.

Today, VPN providers offer 128-bit and 256-bit keys. Reports from mathematicians and cryptologists indicate that as of 2018, a 128-bit key can only be decrypted in special data centers with very large capacities and it will take a very long time. A computer capable of decrypting data encrypted with a 256-bit key, according to scientists, has not yet been invented.

According to many VPN providers, a 128-bit key is the optimal solution in terms of security and performance. When using a 128-bit key, encryption occurs faster than with a 256-bit key, creating less load on the server and the user's device.

Hasznos?

Előző cikkChoosing a Reliable VPN: TLS Authentication, Connection Port, and Session Key.Következő cikkVPN Providers and Logs. Working with Law Enforcement Requests.

Maradjon naprakész

Iratkozzon fel frissítéseinkre, hogy soha ne maradjon le semmiről.