In the face of growing concern over the NSA spying scandal, and in particular the recent revelations that the NSA has been working hard over the last ten years to systematically weaken international encryption standards, US VPN provider Private Internet Access has moved to reassure their customers that their data is safe by releasing a new version of their client that lets users choose much stronger levels of encryption, should they wish it.
The new client (which is still in Beta at the time of writing) can be downloaded from here.
If you click on it, you will be offered a number of new choices that let you decide on how you want your VPN traffic to be encrypted. Generally speaking, the stronger the encryption, the slower it will make your connection.
This is the symmetric cipher algorithm used to encrypt and decrypt all data. Private Internet Access utilizes perfect forward secrecy (PFS) with ephemeral (i.e. temporary) shared key exchange for maximum security.
Previously PIA used 128-bit Blowfish encryption, but AES-128 is faster, so while Blowfish is still available as an option, there is little point in choosing it. For more security (but with a slight speed hit), you can opt for AES-256.
Interestingly, there is also the option of choosing no encryption. This provides maximum performance, and still hides your IP address (in much the same way that a SOCKS proxy does).
Data authentication helps to protect you against active man-in-the-middle attacks by ensuring the integrity and authentication of sent data. SHA-1 (Secure Hash Algorithm-1) produces a 160-bit hash value, which is probably more than sufficient for most purposes, although flaws have been found in it.
The SHA-256 fixes these mathematical weaknesses and is considered to be a strong cryptographic hash function, but it is a somewhat odd choice on PIA’s part, as SHA-2 set of standards was designed by the NSA!
Users not concerned about active attacks can safely turn off Data Authentication altogether.
This is the encryption used during the process of negotiation, and verifies that you are connecting to a genuine PIA server. Here you have the choice between RSA Ephemeral Diffie-Hellman exchange (RSA-2048, RSA-3072 and RSA-4096) and ECC (ECC-256k1, ECC-256r1 and ECC-521) Ephemeral Elliptic curve Diffie-Hellman exchange.
Which type of exchange you should choose is not an easy question to answer, as it known RSA-1024 has been cracked (back in 2010) and it is entirely possible that the NSA can crack stronger versions of it, which is why PIA offer ECC (Eliptical Curve Cryptography). However, it widely rumored that this has been backdoored by the NSA.
As PIA CEO Andrew Lee told TorrentFreak,
‘To be honest, at this point after the NSA revelations, we do not know exactly who has exactly what capability. In a crazy scenario, it could be possible that RSA is completely broken and ECC is the only viable option. Of course, we do not believe this, but again, we want to give people the choice.’
We have gone into some detail here about what the different settings mean, but you don’t really need to know anything about encryption to improve your security – you just have to implement the recommended settings:
- Default (recommended) – AES-128 / SHA1 / RSA-2048
- All Speed No Safety — None / None / ECC-256k1
- Maximum Protection — AES-256 / SHA256 / RSA-4096
- Risky Business — AES-128 / None / RSA-2048
We thought we would have a look at what these settings mean in terms of performance hit, by testing them on speedtest.net using our 20 Mbs broadband connection (in the UK, connected to a VPN server in Switzerland)…
Adding stronger encryption does therefore have a modest but noticeable impact on connection performance.
Lee recommends changing the encryption settings regularly to make any potential attacker’s job harder for them.
We think it commendable that Private Internet Access has taken concrete steps to strengthen its encryption, and it shows yet again that PIA are at the forefront the VPN game. However, we would have preferred to see PIA use a non Rijindael derived cypher (which AES, RSA and SHA are all based on), in favor of a cypher with a higher security margin, such as Serpent.
In addition to this, the fact that PIA is based in the United States worries us more than a little, and if NSA snooping is a primary concern of yours, opting for a non-US company is probably a very sensible idea.