PPTP vs L2TP vs OpenVPN vs SSTP

vpn-protocols-encryptionWhen you start looking for a VPN, you will notice that one of the aspects that are highlighted by providers to describe their service is protocols. To help you understand the role that VPN protocols play in the security of your connection, we will take a look at the main differences between them. You can also opt to start with our VPN FAQ page to get the basics first, or an in-depth look at online privacy to grasp encryption a little better.

As exposed by Edward Snowden last year, VPN encryption technologies have been targeted by the NSA. This is why this article will also discuss cryptography and how the NSA ‘s operations can affect a VPN connection. Let’s start with an overview of the VPN protocols available.

VPN Protocols

PPTP

PPTP or Point-to-Pont Tunneling was developed by a consortium formed by Microsoft, Ascend Communications and other companies. It was designed to create VPN over dial-up networks and has been the long-standing VPN protocol for internal business. It’s a protocol that uses a variety of authentication methods (including MS-CHAP v2) to offer security.

PPTP is the in-built protocol on pretty much every VPN-enabled platform and device. It’s still a popular choice for business and VPN providers because it offers many advantages; protocol is very easy to configure, it can be implemented quickly and it doesn’t require additional software. As you can tell, it’s very low maintenance.

However, PPTP is generally considered a weak security option due to a number of vulnerabilities that were found since it’s implementation in 1999. The most problematic aspect of PPTP is the possibility of MS-CHAP v2 authentication not being encapsulated, which would make PPTP vulnerable to being cracked within only a couple of days. Although this flaw has been fixed through the use of PEAP authentication, even Microsoft has recommended VPN users opt for other solutions like L2TP/IPsec or SSTP.

For security conscious users, PPTP is not ideal, and it is very likely that the NSA has cracked PPTP encrypted communications.

L2TP and L2TP/IPSec

Used on its own, L2TP or Layer 2 Tunnel Protocol, does not encrypt traffic that is directed through it. This is why it’s usually combined with the IPsec encryption suite. L2TP/IPsec is found in all modern platforms and VPN enabled devices and is easy to set up.

The main flaw of L2TP is that it uses UDP port 500, which can be easily blocked by NAT firewalls. This means that it requires advanced configuration such as port forwarding, or else it won’t work effectively when used behind a firewall.

While IPsec encryption has no major known weaknesses when implemented correctly, it’s likely been targeted by the NSA. In fact, independent security experts believe that the protocol was made vulnerable on purpose during its design stage. An additional downside of L2TP/IPsec is that it encapsulates data twice, which makes it slower than other options such as OpenVPN.

For VPN concentrators, check out IPSec vs SSL.

OpenVPN

OpenVPN offers a strong solution that uses OpenSSL library and SSLv3/TLSv1 protocols combined with a set of technologies that make it a secure. It offers flexibility and is easy to configure on practically any port, although it works best on a UDP port. Thanks to this characteristic, it is not easy to differentiate between traffic that passes through OpenVPN and traffic that uses standard HTTPS over SSL. This means that OpenVPN is almost impossible to block.

Furthermore, the OpenSSL library used by OpenVPN to encrypt traffic supports many cryptographic algorithms including 3DES,Camellia AES and Blowfish. The majority of VPN providers use AES and Blowfish with the standard cypher in OpenVPN being 128-bit Blowfish.

While it is usually regarded as secure, Blowfish does have some known weak points related to a certain class of keys. Blowfish alternatives like Twofish and Threefish offer higher level of security.

AES

Advanced Encryption Standard or AES is the most ecent technology and it comes without known vulnerabilities. It is considered by many as the highest standard of encryption to protect data. It works better than Blowfish in the handling of large files. Unfortunately, both Blowfish and AES are certified by the US government organization NIST (National Institute of Standards and Technology). That raises some concerns about the possibility of backdoors installed to enable infiltration.

OpenVPN is generally faster than IPsec, and even though it is not the built-in protocol in any platform, it is supported by most systems including Android and iOS. OpenVPN is not as easy to set up as PPTP and L2TP/IPsec. For instance, in order to use non-proprietary OpenVPN software in open source OpenVPN client for Windows, you will be required to download and install the client, as well as additional configuration files.

The solution that many VPN providers offer to make life easier, is dedicated VPN clients. The main advantage of OpenVPN is that it’s open source, which means that it can be scrutinized by the general public so backdoors cannot be installed. It is not likely to have been compromised by the NSA, which probably makes it the most secure protocol.

SSTP

While SSTP, or Secure Socked Tunneling Protocol, first appeared in Windows Vista SP1 and is mainly a Windows-only technology, it is also available ion Linux, RouterOS and SEIL. It uses SSL v3, which allows it to use TCP port 443 to avoid NAT firewalls. The downside of SSTP is that its a proprietary standard owned by Microsoft and as such, is not open to public examination. This makes it vulnerable to the use of backdoors installed willingly or under pressure by Microsoft upon request of the NSA.

Now that we have gone through the VPN protocols and their main advantages and downsides, it is important to take a closer look at encryption to understand what is at risk when your connection is not secure.

Encryption Summary

Encryption Key Length

Key length is the number of ones and zeros used in a cypher. Its the basic method to estimate how long it would take for a cypher to be cracked.  Normally, VPN providers use an encryption between 128-bits and 256-bits in key length. Of course, higher levels are used for data authentication.

Brute force attacks are the most rudimentary way to attack a cypher. It involves attempting every possible combination of keys until the right one is identified. The estimation here is that a 128-bit AES key cypher would take around a third of a billion years to be cracked, using the world’s most powerful superpower, the NUDT Tianhe-2 located in China. Cracking a 256-bit would take almost double that time.

Before the Snowden revelations, no one would question that 128-bit encryption was practically unbreakable using brute force. Although this could still be true, now that we are aware of the NSA’s operations and the vast resources used to try to crack encryption, experts are no longer convinced of the unbreakable nature of these systems and many are rushing to upgrade them.

Ciphers

Encryption key length is related to the amount of numbers involved, but ciphers are the algorithms applied to encrypt traffic. When encryption is broken, it is usually due to vulnerabilities in these algorithms and not in the key length. Blowfish and AES are the most used ciphers in VPN encryption.

Additionally, RSA is applied to encrypt and decrypt a cipher’s keys, while SHA-1 or SHA-2 take part in data authentication. AES is widely recognized as the most secure cipher for VPN and the fact that it is the system used by the US government to protect sensitive data has added to its status as the most reliable option. However, there are some issues to take into consideration, as we will see in the next section.

NIST Standards

As previously mentioned, the NIST is a US organization and it has admitted that it has collaborated with the NSA in the development of its ciphers. AES, RSA, SHA-1 and SHA-2 were developed or certified by the NIST. Since we are now aware of the NSA’s attempts to weaken or infiltrate encryption standards, the security of NIST algorithms is questionable.

NIST has stated that they would not weaken a cryptographic standard willingly and even encouraged the public to take part in a series of proposed encryption standards under development. While NIST has attempted to gain the trust of the public, the intervention of the NSA (introducing hidden backdoors or weakening algorithms) in NIST approved encryption standards is still causing controversy. The fact that in September 2013, RSA security warned its customers to avoid using an algorithm that would have been compromised by the NSA, increased the suspicion towards NIST standards.

Even though encryption standards engineered by NIST, like Dual_E_DRBG, have been deemed as insecure, companies like Cisco, Microsoft, Symantec and RSA use this algorithm in the cryptographic libraries of their products. The main reason behind that is compliance with NIST standards as a requirement to obtain contracts with the US government.

NIST certified standards are used around the world in a large number of businesses and industries, which makes matters even more disturbing. Since there is a high level of dependence on these standards, not everyone is willing to consider using alternative options to NIST technology. However, given the growing concern among privacy advocates and users that want to get a higher level of protection against eavesdropping, it is expected that more organizations and companies (including VPN providers) will move away from NIST options.

NSA/GHCQ compromises RSA key encryption

Through the information leaked by Edward Snowden, it was also confirmed that government organizations like the NSA and GCHQ, are attempting to identify encryption keys that could be cracked by their technology. This revelation indicates that 1024-bit RSA encryption (which is widely used to protect certificate keys) is more vulnerable than previously believed and that it is susceptible to being decrypted faster by the NSA and GHCQ. When a certificate key is cracked, all traffic (including previous exchanges) will be vulnerable unless ephemeral (temporary) key exchanges are used.

The implications for all HTTPS traffic is considerable, since many forms of encryption (including SSL and TLS) depend on certificates and non ephemeral keys are essentially exposed. Fortunately, OpenVPN would not be compromised as it uses ephemeral key exchanges, which generate a new key for every exchange. This means that it does not rely on certificates. In case a third party gets a hold on the private key of a certificate, they would not be able to decrypt the communication.

Many VPN providers have opted for upgrading their key encryption to 2048-bits or 4096-bits to offer superior security.

Perfect Forward Secrecy

A good solution to enhance security for websites is the implementation of Perfect Forward Secrecy (PFS), which is a system that generates a new and unique private encryption key for every session. The problem is that at the moment, the only big name in the internet that uses Perfect Forward Secrecy is Google. However, as the concern about security increases, we may see other major companies implementing PFS.

Conclusion

The most important point to consider is that while OpenVPN is not as simple to set up as other options, it is still the most secure protocol and offers good speed. VPN providers continue working on their technology to ensure that their service offers the security that users need. Adapting non-NIST standards would be the next step that we would like to see VPN providers taking to enhance privacy.

Although PPTP is easy to setup, it is not secure. L2TP/IPsec offers good compatibility and is more secure, but it has been compromised by the NSA. Still, it is a convenient option for mobile devices, as OpenVPN support is still not optimal for them. SSTP has its benefits and like OpenVPN it is a secure option. However, it only works on Windows and the fact that it cannot be openly tested for backdoors raises concerns about its privacy.