Best VPNs for Encryption

Yes, it is true that one of the major ideas behind a VPN is that it encrypts your data so that it cannot be intercepted by a third party while in transit.  But truth be told, not all personal VPN services' encryption algorithms are the same.  Nor are all of their networks up to the task of providing adequate encryption without dragging down your connection speed.  Below you will find our list of the VPNs that do the best job of balancing superior encryption and maximizing your connection speed.

What is a personal VPN Service?

To learn what a personal VPN service is, you must first learn what a Virtual Private Network (VPN) is.  VPNs have been used in the business sector for a number of years.  A VPN is a group of devices that are connected to each other using various secure tunneling protocols and encryption algorithms.  They are used to leverage a less secure network to allow devices on a more private network to communicate with each other.  This is what allows businesses to have and communicate with global offices and remote employees who may be working away from the office over the open Internet.

A personal VPN works in a similar manner.  It creates a connection between your device and one of its network servers using one of the secure tunneling protocols, like SSL/TLS.  Once this connection has been established, the service then encrypts and encapsulates all transactions between its server and your device so that they cannot be intercepted by third parties.  Next the service masks your true IP address and assigns you one at its geo-location.  All Internet transactions are then sent from this virtual IP address, so that is where you appear to be located.

The major benefits that you get by using a VPN service are data security, Internet privacy, and greater anonymity while surfing your favorite websites.  The methodologies that allow you these benefits are the secure encrypted connection between the VPN server and your device and the IP virtualization which allows you to appear to be from anywhere.  This secures and protects your data from prying eyes.  It also keeps your true IP address and thus your true location secret.  This, along with shared IP addressing on VPN servers, helps to maintain your Internet privacy and your online anonymity.

How does a VPN Secure Your Data and Your Identity?

We previously discussed what a VPN is and how it can help you while surfing the Internet in your daily life.  So, now you know how it helps to secure all traffic to and from your device and acts as your intermediary with the open Internet.  How, exactly, does it do this?

To start with, you need dedicated software installed on your device to connect to the Remote Access Server (RAS) of your VPN provider.  This server also has special software installed on it to help transport your Internet traffic and secure your online identity.  The VPN server requires that your device provide valid login credentials which it authenticates before allowing any connection process to start.  This is your VPN’s first layer of security.  Your device then uses the client software to establish, maintain, and control your connection to the VPN service.  It sets up a tunneled connection to the VPN server and manages the encryption that secures your connection.

Although learning how personal VPN services operate can seem complicated at first, understanding terms like “secure tunneling” and “encapsulation” can help to simplify this.  Let us have a closer look at what these are.  To understand what secure tunneling is, we have to know that all data transmitted over the Internet is split into small pieces called “packets”.  Each packet also carries added information which includes the protocol used and the sender's IP address.  These packets are known as IP datagrams.  Encapsulation is the process by which these datagrams are paired with other protocols to create new packets.  This is done by surrounding the original IP datagrams with the new protocol information.  The term tunnel refers to a channel which allows the untouched packets of one network to be transported over another network.  An example of this is L2TP, which allows L2TP-encapsulated PPP packets to be transported over IP.  This allows the original data to be transported across the Internet.  Secure tunneling is the method by which these data packets are then sent privately over the Internet to your VPN server.

On a VPN’s tunneled connection, every data packet is placed inside another data packet before it is sent over the Internet.  As we previously stated, this process is called encapsulation.  It is easy to imagine how useful encapsulation and tunneling are in securing your data.  The outer packet provides a layer of security that keeps the inner contents safe from public view.  However, it is not enough just to tunnel data sent over a VPN connection.  The next layer of security provided by your VPN service is encryption, where each data packet is encoded so that it can only be read by your device and the VPN server, which are securely connected together.  VPN providers use a number of security protocols (IPsec, SSL/TLS, PPP, and others) to encrypt your data.  We will take a look at a few of these when we examine some of the connection protocols used by VPN providers.  Secure tunneling, which includes encapsulation, encryption, and authentication, is the fundamental feature that makes VPN security work.
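
The following Go sketch is an added example, not code from this page or from any VPN product. It encapsulates an inner IPv4 datagram in an outer one using plain IP-in-IP (IP protocol number 4, chosen here for brevity instead of L2TP) and shows that, before encryption is applied, the inner bytes are still readable on the wire; all addresses and the payload are constructed samples.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// checksum is the one's-complement IPv4 header checksum (RFC 791).
func checksum(h []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(h); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(h[i:]))
	}
	for sum>>16 != 0 {
		sum = sum&0xffff + sum>>16
	}
	return ^uint16(sum)
}

// Datagram builds a 20-byte IPv4 header (no options) followed by payload.
func Datagram(src, dst string, proto byte, payload []byte) []byte {
	h := make([]byte, 20, 20+len(payload))
	h[0] = 0x45 // version 4, header length 5 x 32-bit words
	binary.BigEndian.PutUint16(h[2:], uint16(20+len(payload)))
	h[8], h[9] = 64, proto // TTL, protocol number
	copy(h[12:16], net.ParseIP(src).To4())
	copy(h[16:20], net.ParseIP(dst).To4())
	binary.BigEndian.PutUint16(h[10:], checksum(h))
	return append(h, payload...)
}

// Encapsulate carries the whole inner datagram, header included, as outer payload.
func Encapsulate(inner []byte, client, server string) []byte {
	return Datagram(client, server, 4, inner) // protocol 4 = IP-in-IP
}

// Decapsulate validates the outer header and returns the untouched inner datagram.
func Decapsulate(outer []byte) ([]byte, error) {
	if len(outer) < 40 || outer[0] != 0x45 || outer[9] != 4 ||
		checksum(outer[:20]) != 0 || int(binary.BigEndian.Uint16(outer[2:])) != len(outer) {
		return nil, errors.New("malformed IP-in-IP packet")
	}
	return outer[20:], nil
}

// VisibleOnWire reports whether an observer of the outer packet can read needle.
func VisibleOnWire(outer []byte, needle string) bool {
	return bytes.Contains(outer, []byte(needle))
}

func main() {
	inner := Datagram("10.8.0.2", "203.0.113.80", 6, []byte("user=alice")) // constructed sample
	outer := Encapsulate(inner, "198.51.100.7", "192.0.2.1")
	got, err := Decapsulate(outer)
	fmt.Println(bytes.Equal(got, inner), err, VisibleOnWire(outer, "user=alice"))
}
```

The outer header only changes which addresses routers see; the encryption step is what stops an observer from reading the inner datagram.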

What Is Data Encryption?

Cryptography, from the two Greek words meaning “secret” and “writings”, has been around for thousands of years.  It has mostly been used by governments and military units to transfer information covertly.  The Spartans used a system which consisted of a thin sheet of papyrus wrapped around a staff (now called a “staff cipher”).  Messages were then written down the length of the staff, and then it was unwrapped.  In order to read the message it had to be wrapped around a staff of equal diameter to the original used to write it.  In this case the key to decoding the message was the staff diameter.

More recently this transfer of information has moved into the electronic realm.  Data encryption is a form of security that turns electronic information, images, programs, or other “plaintext” data into unreadable “ciphertext” by applying a set of complex algorithms to the original message.  This helps keep the communication between the sender and receiver private.  The receiver of the encrypted text then uses a “key” to decrypt the cipher back to its readable plaintext form.

The key is the seed or trigger used to initiate the original cipher algorithm.  Like other forms of cryptography, data encryption was originally used by governments and military units.  However, as Internet use has become more widespread, the need for personal data encryption has grown.  You have probably experienced this when you connect to secure websites using your browser.  When you access encrypted sites, you will see a lock in the address line followed by https, which stands for Hypertext Transfer Protocol Secure.

The revelations of Edward Snowden about the US National Security Agency (NSA) and the UK Government Communications Headquarters (GCHQ) spying on communications from other countries, as well as their own citizens, have brought to light the need for everyone to encrypt all of their private communications.  This has led to growth in encrypted messaging and email services.  It has highlighted the need for everyone to have their own personal VPN service so that all of their Internet communications will be encrypted.  The encryption used by your VPN service can help to shield you from third-party interference, be it NSA, GCHQ, or nefarious international cybercriminal organizations.

Encryption Methodologies

Encryption algorithms are generally of two types: symmetric-key and asymmetric-key.  These both involve sharing of the keys between the sender and the recipient.  In the case of the symmetric-key algorithm, the key used to encrypt the message is shared between the sender and the recipient.  The problem with this is that there is no direct secure way to share the key unless the sender and recipient meet in person to exchange keys.  In the second case, the asymmetric-key algorithm, often called public-private key exchange, the sender generates two keys: a public one to send to the recipient and a private one to keep, and vice versa for the recipient.  In practice many VPN services use a hybrid of the two methods to ensure that the connection and data are properly authenticated as well as encrypted, so that only the intended recipient has access to the original data.  They do this by means of handshake verification and encryption, encryption of the data using a complex cipher algorithm, and finally some type of data authentication.

During the handshake phase of the VPN connection, the secure tunnel is established between your device and the VPN server, and the rules by which they will transfer information are agreed.  This phase includes any authentication between your device and server to set up the tunnel, the cipher algorithm to be used for data transfer, any initialization or padding applied, and the method used to verify the validity of the data once it has been sent.  This guards against so-called man-in-the-middle attacks.  Any symmetric keys necessary for data encryption are also transferred during this phase.  Symmetric keys are preferable for the actual data encryption because public key operations (e.g., RSA) are relatively expensive in terms of computational resources.  All the information sent during this phase is generally encrypted using asymmetric cryptography utilizing private-public key pairs.

During the encryption phase, the data is encrypted using the transferred key and the agreed-upon cipher algorithm with the proper initialization or padding applied.  The encrypted information is then transmitted through the secure tunnel to the VPN server.  Finally, the accepted method, usually some type of secure hashing algorithm, is applied to verify that the data has not been altered during transit.  Once the data has been verified, the VPN server will send it on to the recipient.
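
The handshake, encryption and verification phases described above, as an added Go example (not code from this page or from any VPN provider): the client wraps a random AES-256 session key with the server's RSA public key, and packets are then protected with AES-256-GCM, which performs the encryption and the integrity check in one step rather than with a separate hash. It assumes the client already trusts the server's public key; the function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// must aborts on setup errors (no entropy, bad key size); a demo-only shortcut.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewSessionKey is the client's handshake step: a random AES-256 key plus a
// copy wrapped with RSA-OAEP that only the private-key holder can recover.
func NewSessionKey(pub *rsa.PublicKey) (key, wrapped []byte) {
	key = make([]byte, 32)
	must(rand.Read(key))
	return key, must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil))
}

func aead(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// Seal returns nonce || ciphertext || 16-byte authentication tag.
func Seal(key, plain []byte) []byte {
	g := aead(key)
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return g.Seal(nonce, nonce, plain, nil)
}

// Open decrypts only if the tag verifies; an altered packet yields an error.
func Open(key, pkt []byte) ([]byte, error) {
	g := aead(key)
	if len(pkt) < g.NonceSize() {
		return nil, fmt.Errorf("packet too short: %d bytes", len(pkt))
	}
	return g.Open(nil, pkt[:g.NonceSize()], pkt[g.NonceSize():], nil)
}

// Roundtrip returns what the server read and the error for a bit-flipped copy.
func Roundtrip(msg string) (string, error) {
	priv := must(rsa.GenerateKey(rand.Reader, 2048)) // constructed demo server key
	clientKey, wrapped := NewSessionKey(&priv.PublicKey)
	serverKey := must(rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)) // server unwraps
	pkt := Seal(clientKey, []byte(msg))
	plain := must(Open(serverKey, pkt))
	pkt[len(pkt)/2] ^= 1 // tampering in transit
	_, err := Open(serverKey, pkt)
	return string(plain), err
}

func main() { fmt.Println(Roundtrip("GET / HTTP/1.1")) }
```

The expensive RSA operation runs once per session, while every packet uses only the fast symmetric cipher, which is the reason the page gives for the hybrid design.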

Standard for Encryption and Decryption of Sensitive Data

AES, also known as the Rijndael cipher, is the newest cryptographic standard for the encryption of electronic data, established by the US National Institute of Standards and Technology (NIST) in 2001.  It was selected from 15 candidates.  The Rijndael cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen.  For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.  In November of 2001, the Secretary of Commerce approved AES as Federal Information Processing Standards Publications (FIPS PUBS) 197, which made AES the federal standard for encrypting sensitive data.  It took effect in May of 2002.  As of now, there are no known practical attacks that would allow anyone to read correctly implemented AES-encrypted data.

During the final round of the AES contest, NIST issued a summary of the five finalists on the topics of security, speed, implementation, and such.  Two were easily dismissed.  Among the final three, Twofish, Serpent, and Rijndael:

  • Rijndael had a potentially lower security margin than Twofish and Serpent.
  • Rijndael had better performance than Twofish and Serpent.
  • The Rijndael construction was arguably simpler than Twofish and Serpent.

As a result, Rijndael became the AES competition winner and replaced the DES algorithm with the following new and updated features:

  • Block encryption implementation.
  • 128-bit group encryption with 128, 192 and 256-bit key lengths.
  • The AES design is based on a substitution-permutation network (SPN) and is fast in both software and hardware implementations.
  • Symmetric algorithm requiring only one encryption and decryption key.
  • Data security for 20-30 years.
  • Worldwide access and no royalties (it was the first open source US NIST standard).
  • Easy overall implementation.

The Advanced Encryption Standard (AES) is a symmetric-key block cipher algorithm and U.S. government standard for secure and classified data encryption and decryption.  It has no known credible weaknesses at this time.

Considerations for VPN for Secure Encryption

When choosing a VPN for encryption, there are a few other criteria that you need to consider in addition to encryption:

  • First is do you trust the VPN provider?
    • How much of your personal information do they collect and do they clearly define how it is used in their privacy policy?  If your goal is greater anonymity then no or very limited personal information is better.
    • What kind of reputation do they have in the VPN industry and do they have good support?
    • Where are they incorporated?
  • Second is how big is their network of VPN servers?
    • Do they have a worldwide presence?
    • Do they have multiple servers in regions that you want to access, so you can always get the best performance while using the best encryption settings?
  • Third, what is their logging policy regarding VPN usage?
    • A no-log policy of VPN usage is essential.
  • Fourth, can the VPN service do everything you need it to do?
    • How fast is the VPN service from your location?
    • Do you need to bypass local or government firewalls?
    • How do they handle P2P file sharing traffic?
  • Fifth, how reliable is the network?
    • You want to choose a VPN which is stable and which has multiple servers in the location you use so that you can avoid slowdowns due to overcrowding.
    • Does the service respond to questions you might have in a timely manner?
    • Do they offer a kill switch to protect your privacy if the VPN drops?
    • Do they support DNS leak protection to keep your public IP address hidden?
  • Sixth, is the bandwidth.
    • The best VPNs offer unlimited data download.
  • Seventh, is it compatible with desktops, phones, tablets or other devices you might want to use with it?
    • Does it support Windows? Mac OS? Linux? iOS? Android? Others like Blackberry?
    • How many simultaneous connections does it allow? Two is good, more is even better.
    • You should thoroughly test the VPN with all of your devices.
  • Eighth, is it secure and private to protect your traffic from prying eyes?
    • What kind of protocols does the VPN use?  Protocols are rules for transmitting data.
      • A VPN service that supports all three protocols: OpenVPN, L2TP/IPsec and PPTP is best.
        • OpenVPN (UDP/TCP) (Best mix of security and speed)
          • It is highly configurable, fast, and the most secure.
          • Port forwarding helps increase its utility and helps scale firewalls.
        • L2TP/IPsec – Layer 2 Tunnel Protocol / Internet Protocol Security is the encryption protocol for traffic.
          • It provides good security.
          • It has slower performance than that of OpenVPN due to double encapsulation of data.
          • It has built-in support on most devices which makes it easy to implement.
          • Has greater utility if port forwarding is used since by default it uses UDP port 500 which can be easily blocked.
        • PPTP – Point to Point Tunneling Protocol
          • Some of the devices that you use will only support this protocol.
          • It is considered the least secure and probably better suited for devices that cannot use other protocols or where speed, not security, is the main concern.
          • It is built into most devices and very easy to set up.
    • Encryption is usually AES, Blowfish, or 3DES based.
      • It should use at least 128 bit, which is not as secure but provides faster speed for less security-conscious purposes like streaming media.
      • 256 bit is better for security if you are using an untrusted network at a hotel or your local restaurant’s free Wi-Fi network.
    • Other protocols include proprietary stealth ones to scale the Great Firewall of China, SSTP which is very secure but primarily for Windows, and IKEv2 which provides excellent security and automatic reconnection for mobile devices.
  • Ninth, how easy is the VPN to actually use?
    • Does the VPN have mobile apps and easy-to-install software?
    • Does it have well written guides?
    • Is it easy to connect and disconnect from the service?
  • Tenth, how much does the VPN service cost?
    • As always, you should spend what your budget can afford.
    • Does it support anonymous ways to pay for the service like Bitcoin?
    • Remember to use the money-back guarantee to thoroughly test the service to ensure it suits all your intended purposes.

All of the VPNs that we have chosen not only have some of the best encryption in the industry but they have other features so that you can use your VPN for any purpose that you might have.

Final Thoughts

Here are a few recommendations if security and privacy are your goal when using a VPN:

  • OpenVPN is the most secure protocol if implemented properly and may even protect you from NSA interference.  It is the one all users should use if it can be installed on their device.
  • IKEv2 is the best choice for Blackberry users and may be good for other mobile users if they move internet connections a lot because it is fast, secure, and reliable.
  • Some Windows users may prefer SSTP because it has many of the features provided by OpenVPN and is built into Windows, but remember it is a proprietary Microsoft application.
  • L2TP is easy to set up because it is built into many devices and is a good choice for non-critical uses but may be slower than some other protocols like SSTP and OpenVPN.
  • PPTP should only be used if security is not an issue or no other protocol choice is available for your device.

For a more thorough examination of VPN protocols read our comparison PPTP-vs-L2TP/IPsec-vs-OpenVPN-vs-SSTP-vs-IKEv2.  After looking at the encryption protocol, the reputation of the provider and logging policy should be considered to make sure that the VPN really cares about your personal security and privacy.  A global network will help you to get the best performance while using the maximum encryption.  Having access to multiple protocols will help you ensure that you have the best encryption for any device that you may want to use with the VPN.  This will give you greater access to better encryption algorithms like AES, IKEv2, and SSTP.  All of the VPNs that we recommend not only have some of the best encryption in the business but also can help you with other things like streaming Netflix, using VoIP, or any other use you might have for a VPN.  Take advantage of their money-back guarantees and see for yourself.