If you’re new to the world of VPNs or even if you’ve been around them for a while keeping up with the best encryption method is a tricky task. There is just so much choice out there and every provider appears to be offering different standards.
While some public VPN providers offer high levels of encryption others offer the lower end of the scale and the situation becomes even more confusing when advertising slogans refer to data encryption but fail to mention the encryption used for authentication (handshaking) or vice versa.
In my years of VPN use and writing I’ve noticed that providers who offer lower encryption often state the payoff for higher encryption is speed and while this in theory is true it doesn’t always factor when comparing VPN providers.
Often those that offer lesser encryption have a worse, oversold network and so speeds are only comparable or lower than those that offer higher encryption.
If those low encryption providers increased their encryption levels they know themselves their network would grind to a halt for their users and so they continue to sell the lower encryption as a “bonus feature” giving you better speeds when in reality these can still be achieved with higher encryption at least on a desktop system from a good VPN provider.
The different types of Encryption
Firstly there are four main types of VPN standard, these include PPTP, L2TP/IPSec, OpenVPN and the lesser popular SSTP. OpenVPN is the recommended standard, however if this isn’t available on the device you’re using then aim to use either L2TP or SSTP.
PPTP is not recommended so unless you’re just using a VPN to bypass a geo-block then avoid it when possible.
In terms of Encryption, there are two critical areas to consider.
First is the encryption used for authentication also known as the control channel. Authentication is the point where your VPN provider checks your login and password details to ensure that your account is valid, you are who you say you are.
Second there is the data channel. The data channel is the encryption used in the secure VPN tunnel encrypting the data between your system and the VPN server, this is your fluffy youtube cat videos, your emails and whatever else you get up to on the internet.
As mentioned earlier encryption can affect speed which is why you’ll often see high encryption for the authentication and lower for the encryption of the actual data passing through.
Remember not to confuse the encryption levels of the control and data channels, they are separate issues.
Generally using higher encryption levels is suited to desktop or laptop systems. I found in a recent VPN router review that higher encryption was just too much for the hardware of the router and seriously curtailed the speeds I could achieve down to 1/15th of my internet speed, not great!
What Encryption level is recommended
Encryption for the control channel (authentication) should be 2048 bit or higher. Some providers still use 1024 bit which is rather lazy and should be avoided where possible.
Encryption for the data channel should be 128 bit or higher but I personally recommend using providers that use 256 bit as I find that with good providers that actually care about the service they provide you can achieve the majority of your maximum internet speed using a desktop system even with that encryption level.
Best VPN for Encryption
I spend much of my time making use of a range of VPN providers, some good, some bad. Encryption is one of the critical factors of choosing a provider and so if you’re looking for a good provider with a high level of encryption the three best are recommended below.
IPVanish not only provide encryption in the upper end of the scale, they’re also one of the fastest providers I’ve tested. With tons of server locations available all around the world they’re my number one choice for encryption.
IPVanish data channel provides 256 bit encryption using the AES-256-CBC cipher.
Their control channel (authentication) is 2048 bit.
LiquidVPN is a provider that definitely care about the encryption they provide and are not afraid to try new standards out. LiquidVPN was one of the only providers willing to test out a non-NIST standard encryption type but also offer a high standard that competes with other top-end providers.
LiquidVPN data channel provides 256 bit encryption using the AES-256-CBC cipher.
Their control channel is mainly 4096 bit but can be 2048 bit depending on the server.
VPN.ac although a more unknown provider are a VPN provider that takes encryption seriously and are constantly evolving to offer new and more secure methods via their software. VPN.ac excel on their RSA key size and are one of few providers who use 4096 bit authentication.
VPN.ac data channel provides 256 bit encryption using the AES-256-CBC cipher.
Their control channel is 4096 bit.Visit VPN.ac
There are lots of facets involved in encryption. Often it’s like comparing apples and oranges and trying to determine which is better.
However, the above three providers offer similar levels of encryption at the higher end of the scale for public VPN providers and strangely enough they’re also three of the fastest VPN providers I’ve tested also providing the most stable and supporting service.
So when you’re considering signing up to a VPN service, ask your provider why they don’t offer a higher level of encryption and if their answer is speed reasons be sure to think twice about using their service as I can guarantee the above three providers are not only fast but they have encryption at the forefront of their minds.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net