September 21, 2013
In the wake of the Edward Snowden NSA revelations the use of encryption has become an extremely hot topic. Demand for anonymity tools has increased rapidly and providers are offering better services to satisfy that demand.
Today we bring news of a new VPN client from Private Internet Access, one containing features that if regularly configured correctly would require "advanced alien technology" to crack.
Previously the domain of the particularly
Internet savvy, in recent years the issue of online privacy has become a
regular talking point in many mainstream tech publications.
The use of VPNs and services such as
proven particularly popular with those looking to keep a low profile online
with the added benefit of enabling users
to bypass government-imposed website censorship around the world.
Of course, this year came a watershed moment for
privacy when ex-CIA contractor Edward Snowden spilled the beans on the
activities of the NSA, revelations which have sent shockwaves around the
world. While previously corporations and geeks might have sought to heavily
encrypt their communications, now everyone is getting in on the act.
Needless to say, security-focused products are
enjoying the boom.
For regular file-sharers, security requirements
are somewhat different to those of people looking to whistle-blow or widely share
government secrets. Nevertheless, one of the biggest VPN providers in the
space will today up the ante with the release of a brand new VPN client. It
offers more features than ever before to encrypt users’ communications to a
level that will perfectly suit them but disappoint would-be attackers.
TorrentFreak was given access to the new
software earlier this week for testing. It’s an upgrade to the current
Private Internet Access
OpenVPN client and installed without a hitch.
It looks very much like the old software until a
press of the ‘Advanced’ button reveals a new option titled ‘Encryption’.
"Our application allows our clients to
change their encryption and security settings with just a few clicks to
any combination they choose," PIA CEO Andrew Lee told TorrentFreak.
"We allow our customers to configure their
handshake encryption, data authentication encryption and even the data
itself with levels up to AES-256 and RSA 4096!"
With so many options now available, we took a
brief look at each and have summarized them below. We have avoided
rocket-science type explanations - those will appear in a follow-up article.
Data encryption AES-128 v AES-256 v Blowfish
Currently PIA uses 128-bit
Why should users get excited about the option to use
/ AES-256 over the previous standard?
"As AES-128 is, in general, faster than
Blowfish 128 on most modern processors, our customers will enjoy extra
speed with this exciting addition," Lee told us.
Interestingly, the client also allows users
not to encrypt their communications at all.
PIA confirmed that this setting is there for
people who don’t care about encrypting their communications but still want
to hide their IP addresses from sites and services they use.
This setting also has the side effect of
offering the greatest speeds.
authentication - SHA1 or SHA-256?
This hashing technology is used to ensure the
integrity and authentication of data sent within a message.
SHA1 (160bit) is the fastest option, but is it
more desirable than SHA-256 (256bit)?
"SHA1 should be more than fine," Lee
explained. "However, we’re simply offering a stronger alternative for
those who may feel it is a necessity."
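An added example, not code from TorrentFreak or Private Internet Access: a small audit of an OpenVPN client config that reports the data encryption and data authentication settings and flags the case where either is switched off. It assumes the client's choices end up as OpenVPN's standard `cipher` and `auth` directives; the function name, the sample configs and `vpn.example.net` are constructed for illustration.

```python
# Added example: audit an OpenVPN client config for the data-channel settings
# discussed above. Assumes the client's choices end up as OpenVPN's `cipher`
# and `auth` directives; the sample configs below are constructed.

CIPHER_BITS = {"BF-CBC": 128, "AES-128-CBC": 128, "AES-256-CBC": 256}  # key size
AUTH_BITS = {"SHA1": 160, "SHA256": 256}                              # digest size

SAMPLE_ENCRYPTED = """client
remote vpn.example.net 1194
cipher AES-128-CBC
auth SHA1
"""

SAMPLE_UNENCRYPTED = """client
remote vpn.example.net 1194
; constructed: both protections switched off
cipher none
auth none
"""


def audit_openvpn_config(text):
    """Return (settings, findings) for the `cipher` and `auth` directives."""
    settings = {"cipher": None, "auth": None}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        parts = line.split()
        if parts[0] in settings and len(parts) >= 2:
            settings[parts[0]] = parts[1]  # keep the last value seen
    findings = []
    for key, known, risk in (
        ("cipher", CIPHER_BITS, "payload crosses the tunnel in cleartext"),
        ("auth", AUTH_BITS, "tampered packets are not detected"),
    ):
        value = settings[key]
        if value is None:
            findings.append(f"{key}: not set, the client's default applies")
        elif value.lower() == "none":
            findings.append(f"{key} none: {risk}")
        elif value.upper() not in known:
            findings.append(f"{key} {value}: not one of the options in the article")
    return settings, findings


if __name__ == "__main__":
    for name, cfg in (("encrypted", SAMPLE_ENCRYPTED), ("unencrypted", SAMPLE_UNENCRYPTED)):
        print(name, *audit_openvpn_config(cfg), sep="\n  ")
```

The handshake key size is not checked here because it is a property of the certificates in use rather than of these two directives.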
Handshake - RSA-2048 v RSA-3072
In 2010 it was reported that RSA 1024 bit
encryption had been cracked.
Now that PIA offers 2048, 3072 and 4096, is
there a preferred setting for optimal efficiency?
"We believe that 2048 bit is sufficient at
this point, but in-line with the previous question, we are providing the
option for much stronger keysizes if the user feels it is a necessity,"
Additionally, the new PIA client also offers
curve cryptography options - ECC-256K1 (in use by Bitcoin), ECC-256R1
With rumors circulating that ECC may be vulnerable to NSA
backdoor access, what is the best option?
"To be honest, at this point after the NSA
revelations, we do not know exactly who has exactly what capability. In
a crazy scenario, it could be possible that RSA is completely broken and
ECC is the only viable option.
Of course, we do not believe this, but
again, we want to give people the choice," Lee says.
Ok, enough crypto-babble… What’s
the best setup?
PIA recommends the following setups for speed,
safety and best trade-off performance.
Default Recommended Protection
All Speed No Safety
Lee says that PIA have included the extra
options for those who want to feel extra secure or may want to experiment a
little more with cryptography.
He adds that for those looking for the ultimate
in protection, frequent changes of setup within the client could lead to an
almost impossible situation for would-be attackers.
"With control of one’s level of encryption,
even if someone were utilizing advanced alien technology, they would
have a tough time if you changed your encryption settings every time you
But we recommend choosing the encryption strength/mode you
desire and sticking with it," Lee concludes.
Those wanting to learn more about the encryption
options should head over to
page. The brand new client
can be downloaded here.
TorrentFreak has also asked several other VPN
providers to share their thoughts and concerns about encryption after the
Snowden revelations. These will be addressed in a follow-up article.
Disclosure: PIA is a TorrentFreak sponsor