Home Page

VPN & Cryptography


Email & Spam

Security Terminology


VPN Terminology

VPN Tutorial Guide



Aggressive Mode

Authentication Header

Asymmetric Encryption


Certification Authority

Data Integrity



Digital Certificate

Dynamic IP addresses





IPSec Quick Mode


Main Mode







Pre-Shared Key

Remote Access User


Security Association


Site to Site VPN


Transform Sets

Tunnel mode and Transport mode

VPN client tunneling option

VPN Topologies

VPN Tunnel


VPN and Encryption Algorithms



Encryption or encrypting is the process of scrambling data so that it becomes un-readable and confidential. Another name for encrypted data is ciphertext. Decryption is the opposite and it is the process of transforming the ciphertext back into the original plain text. VPN gateways use encryption, so that data in transit will be secure and unreadable. Hackers like to sniff networks usually for usernames and passwords, using some kind of network packet sniffer, however, if data is encrypted, then it would be secure and sniffing encrypted data would prove to be useless to the hacker.

When encrypted data reaches the peer VPN gateway, or any entity for this matter that encrypts data in transit, the remote peer will have an identical key and use this key to decrypt the data.


There are two types of encryption methods used today as detailed below:


Asymmetric encryption -

In asymmetric encryption, two keys are used, a public key and a private key. Data is encrypted using the public key and decrypted with the private key. Asymmetric encryption is used for communication over in-secure networks such as the internet. Asymmetric encryption is also known as public key encryption.

More information is available on asymmetric public keys within the asymmetric encryption section. This page is dedicated to symmetric encryption algorithms.


Symmetric encryption -

A single key is used to encrypt data and decrypt the same data. There are a number of symmetric encryption algorithms as detailed below:



Data Encryption Standard (DES) is one of the first encryption algorithms created. DES has been replaced by 3DES. See DES page for more information.

3DES –

3DES or triple DES was a replacement for DES, being that it was a stronger algorithm. Read 3DES page for more information.


AES encryption algorithm is the standard today and commonly used. See the AES page for more information.

Blowfish -  

Blowfish was one of the proposed replacements for DES. Blowfish is a block cipher of a 64 bit block size. It produces 16 rounds of computation and consists of a key size from 32 to 448 bits. An advantage with Blowfish it is an un-patented software and can be used by anyone.


Twofish -  

Twofish is a block cipher with a 128 bit block size, and a key size of up to 256 bits. Twofish was one of the contenders to fill in the boots as an algorithm for AES, but did not eventually reach this far.



IDEA, which stands for International Data Encryption Algorithm, is another block cipher, it is a 64 bit blocks size and uses a 128 bit key size. The 64 bit block size is actually broken down into 16 sub-blocks, and each sub-block has 8 rounds of computations performed on. IDEA is used in PGP and some other software products. IDEA can be used for non-commercial use.


CAST -  

CAST which is named after the developers, Carlisle Adams/Stafford Taveres, comes in two key sizes, 128 and 256 bit key size. CAST was also a candidate for AES.



Safer (Secure and Fast Encryption Routine) is another block cipher which comes in two sizes of 64 and 128 bit key sizes. This encryption algorithm was another candidate for AES.


Skipjack –

Another block cipher, which uses an 80 bit key and 64 bit block size. It was developed to be used with clipper chip (chipset for voice communication).

RC -

Family of Rivest Cipher algorithms

RC4 – A stream cipher with a variable key size and is used in SSL and wireless technology in WEP. RC4 is a quick, simple and effective algorithm.

RC5 – A fast block cipher which uses various key and block sizes.

RC6 – A block cipher and an improved version of RC5. RC6 was another candidate for AES.

Use Cases for Symmetric Encryption

Symmetric encryption algorithms are used in a broad range of products today and are essential to keeping data secure, whether in transit or resting in storage. External memory devices such as USB sticks and external hard drives are pre-packaged with encryption software. An example of encryption software which employs some of the above encryption algorithms is Veracrypt, and the big bonus with Veracrypt is it is free to download and use. Veracrypt can be used on a standard client system to encrypt a user's files and folders.

Further Reading

Wikipedia's guide to Encryption