VPN client feature request for upcoming versions of software
Of course as stated before in the feedback portion of the forum which can be found here: https://www.privateinternetaccess.com/forum/discussion/21479/add-more-encryption-options-to-the-advanced-settings
I would like to see more Advanced encryption options included in the advanced settings, as technology gets more advanced we need to combat that increasingly change with more advanced encryption algorithms. Of course there's evidence that shows that AES can't even be cracked by the NSA in real time but computers are getting faster and more powerful. https://nadim.computer/2015/02/01/nsa-aes.html We have no idea when they are you going to gain the technical capability to break AES whether it be tomorrow for 10 years into the future. I believe private Internet access needs to stay ahead of the game and add more encryption options that are Non-NIST based. Getting ahead of the game now will prevent them from having to do so in the future.
I would also like the user to have the ability to send data traffic through two VPN servers instead of one, This process is called double hopping and I believe this can help people remain more secure and private online. Sure this feature will slow down your connection speed but I think it would be worth it for the extra security that it would provide.
Thanks!
I would like to see more Advanced encryption options included in the advanced settings, as technology gets more advanced we need to combat that increasingly change with more advanced encryption algorithms. Of course there's evidence that shows that AES can't even be cracked by the NSA in real time but computers are getting faster and more powerful. https://nadim.computer/2015/02/01/nsa-aes.html We have no idea when they are you going to gain the technical capability to break AES whether it be tomorrow for 10 years into the future. I believe private Internet access needs to stay ahead of the game and add more encryption options that are Non-NIST based. Getting ahead of the game now will prevent them from having to do so in the future.
I would also like the user to have the ability to send data traffic through two VPN servers instead of one, This process is called double hopping and I believe this can help people remain more secure and private online. Sure this feature will slow down your connection speed but I think it would be worth it for the extra security that it would provide.
Thanks!
Comments
But you can use 256 bit AES. If it is ever possible to crack it, that will be so far into the future that the Earth will not even be a distant memory of the galaxy. For 128 bit AES, the complexity is enough that a few years ago, it would take every computer ever made working together a billion, billion years to manage to crack one key. And remember that with anything binary, adding one single bit doubles the possible combinations, so 256 is not twice as much work, it is a number so large I cannot type it here without exceeding the message length.
And the energy cost to brute force a key would be more than all energy present in the entire Solar system, even if you could convert all matter into energy with zero loss by some magical means.
Some people likely think I am spewing bullshit. Please look into it.
http://www.eetimes.com/document.asp?doc_id=1279619
If your entire Internet history was recorded, and all computers were a million times more potent than they are, it would still not be possible to crack more than a few keys in your lifetime, and the key changes every single hour per Diffee Hellman Key Exchanges.
So I think you can relax a whole lot. You are quite free to think otherwise though. Good day.
I like Camellia. But why not use it with Tiger hashing if you wanted to go down that route?
The thing to remember about encryption is that if you take for instance AES and change any single part of the output in a predictable way, then no-one looking for AES would be able to decrypt it even with the correct password.
You do not need absolutely perfect encryption, you only need something that is not so common.
AES is a big target. And as such, it is the most likely to be successfully attacked. But so far no one has ever managed to find a real weakness in it.
If Private Internet Access would add Serpent, Tiger, and Whirlpool to the encryption cyber suite in the advanced settings, I believe that it will put them above and beyond the competition for years to come. The NSA is currently developing a quantum computer and they believed they will have it ready within 10 to 12 years.
Yes Tiger is an older hash cryptographic cipher, but as far as we know there are no weaknesses in it as of yet. Why wait to upgrade the encryption algorithms when you can update them now and save you the trouble of having to do it later when we discover that one or more of the encryption algorithms in use today have been broken? I am an online security advocate, I believe that everything we do should be encrypted regardless of if we are doing anything wrong or not. Encryption is everything in society today, People use encryption every single day and don't even know it and of course I believe that the ability to choose your own encryption is a must for all virtual private network providers.
I believe they should add those secure ciphers that way they will be ready for the unforeseeable future that is yet to come because the threats of the Internet are not going to get better they're going to get worse. We need to do everything we possibly can to make sure that we are secure for the future.
The only way we can have privacy is through an encryption.
https://en.wikipedia.org/wiki/Serpent_(cipher)
https://en.wikipedia.org/wiki/Tiger_(cryptography)
https://en.wikipedia.org/wiki/Whirlpool_(cryptography)
https://en.wikipedia.org/wiki/Camellia_(cipher)
Those ciphers would be a great addition to the Private Internet Access Cipher Suite. I've been with private Internet access for almost 4 years now and The one thing I love about their service is the approach to privacy and security.
Privacy is one of our fundamental rights and privacy is for everyone. Privacy is not negotiable it is a basic human right.
Virtual private networks are essential to our online security, Without encryption nothing would be safe.
But back to something other than fiction. Serpent is a great algorithm. It did not focus on reducing the overhead on the system like AES. Instead it focused on making it as secure as possible.
Another more simplified way to look at it is that while AES 128, 192, and 256 respectively use 10, 12, or 14 rounds to complete, Serpent at the same bit depths uses 32 rounds. (Yes, 32 regardless of the bit depth.) So Serpent is a hell of a lot more work to attempt to break by any means, and if a quantum computer were to suddenly appear, it would at best leave 16 rounds of Serpent whereas AES would have either 5, 6, or 7 rounds to break.
But since Tiger and Serpent were made by the same team, I would think they would be a natural fit for one another. I suspect it would be impossible to make a 320 bit version of Tiger, but why would we need that to authenticate a packet is correct and has not been tampered with? (We already use SHA-160 or SHA2-256, along with HMAC to form a hash of no less than 512 bits for each and every packet.)
And just because I can, allow me to correct the links to the Wikipedia articles for you. Here they are in the order you had, along with several more. Threefish is of particular interest to me. 256, 512, and 1024 bits. 512 and 1024 are overkill to an extreme, but if a QC ever exists, they will make it work for a place in this world.
Serpent
Tiger
Whirlpool
Camellia
AES
HMAC
Threefish
Skein
*Edit* Shame on me for forgetting Skein.