Win 10: how to connect using always CHACHA20-POLY1305

[Huitzilopochtli 1]

Hi, I am an AirVPN newbie and also a non-geek.

I have read all the FAQs and explanations and searched the forum for the topic in the title of this post.

I see the protocol listed (see screenshot) but I don't understand if this is the right place (and what I need to do). 

Can anyone help me in simple words? 

Many thanks to all.

[OpenSourcerer 1360]

8 hours ago, Huitzilopochtli said:

Can anyone help me in simple words? 

"Prefer CHACHA20-POLY1305 data cipher" <-- have you tried ticking this one?

Otherwise, add to custom directives:

data-ciphers CHACHA20-POLY1305

Note that most processors in use on desktop today have AES-NI, encryption/decryption performance shouldn't be an issue.

[Huitzilopochtli 1]

Hi. No, I did not try to do any damage. I did not want to risk making the connection insecure. I will follow your advice. Thank you for your help 

[OpenSourcerer 1360]

1 hour ago, Huitzilopochtli said:

I did not want to risk making the connection insecure.

Unfortunately, this sentence does not "qualify" you to change to CHACHA20-POLY1305 only. I'd like to ask why you want to use this option. What kind of improvement do you hope to achieve with it?

[Huitzilopochtli 1]

On 1/21/2022 at 8:08 PM, OpenSourcerer said:

Unfortunately, this sentence does not "qualify" you to change to CHACHA20-POLY1305 only. I'd like to ask why you want to use this option. What kind of improvement do you hope to achieve with it?

Hi. I probably didn't explain myself well. I meant that I wouldn't want to make the connection unstable by changing the software settings. Like I said, I'm inexperienced. I've been using VPNs for many years but I've never come across a panel with so many options that I've never seen in other VPNs' very simple and user friendly software. I got curious by reading a review and that's why I wanted to try AirVPN. However one thing I did understand is that using CHACHA20-POLY1305 I don't have the same choice of connections as when I first used the application with the standard configuration. For example (I am talking about the Win 10 x64 PC version) I saw that using CHACHA20-POLY 1305, when I opened the app I was always connected to a server in Belgium even when I chose a server in Switzerland by putting it among the favorites or among the defaults.

[OpenSourcerer 1360]

1 hour ago, Huitzilopochtli said:

However one thing I did understand is that using CHACHA20-POLY1305 I don't have the same choice of connections as when I first used the application with the standard configuration.

Excuse me, this is fundamentally wrong. The choice of the cipher shouldn't influence server choice at all. The only reason you'd force a switch from AES to ChaCha20 is if your machine is overwhelmed with encryption/decryption of AES traffic and you therefore experience poor performance, as you usually would on any ARM machine like a mobile phone or the Raspberry Pi. For pretty much all desktop workloads AES is best.
 

1 hour ago, Huitzilopochtli said:

For example (I am talking about the Win 10 x64 PC version) I saw that using CHACHA20-POLY 1305, when I opened the app I was always connected to a server in Belgium even when I chose a server in Switzerland by putting it among the favorites or among the defaults.

This is impossible, unless we're talking about a yet unknown bug. As written, cipher choice does not impact server choice.

[Huitzilopochtli 1]

15 minutes ago, OpenSourcerer said:

Excuse me, this is fundamentally wrong. The choice of the cipher shouldn't influence server choice at all. The only reason you'd force a switch from AES to ChaCha20 is if your machine is overwhelmed with encryption/decryption of AES traffic and you therefore experience poor performance, as you usually would on any ARM machine like a mobile phone or the Raspberry Pi. For pretty much all desktop workloads AES is best.
 
This is impossible, unless we're talking about a yet unknown bug. As written, cipher choice does not impact server choice.

I don't know why what I described happened. I have no knowledge in this area. I only reported what occurred and I DID NOT SAY that selecting CHACHA20-POLY1305 caused the routing to the Belgium server.  I only said that is what happened. For me it's not a problem since I'm just trying AirVPN because I was intrigued by this Italian VPN which is undoubtedly very good since - as I've read on various websites - it's used with satisfaction by people who are very quality conscious.

[OpenSourcerer 1360]

2 minutes ago, Huitzilopochtli said:

I only reported what occurred and I DID NOT SAY that selecting CHACHA20-POLY1305 caused the routing to the Belgium server.  I only said that is what happened.

Okay… I still don't get why you want to force CHACHA20-POLY1305, then, honestly.

[Huitzilopochtli 1]

52 minutes ago, OpenSourcerer said:

Okay… I still don't get why you want to force CHACHA20-POLY1305, then, honestly.

It's like when you buy a new thing full of options that you've never tried or seen. Aren't you curious to see how it works if you change a few parameters? Just curious :-)

[OpenSourcerer 1360]

1 hour ago, Huitzilopochtli said:

It's like when you buy a new thing full of options that you've never tried or seen. Aren't you curious to see how it works if you change a few parameters? Just curious 🙂

Everytime people change things in IT they don't understand, a kitten is killed somewhere in the world.
As written, you'd use ChaCha20 for less potent machines (think, pre-2010 maybe) or on ARM-based devices like mobiles; it can deliver a better throughput there. On desktop, just go with the default; you can't do anything wrong with that.
As for comparison, AES is a long-standing, battle-proven cipher used for all kinds of purposes. It's so ubiquitous that support for it was built-in into processors, that's why CPUs can handle high throughputs, too. ChaCha20 is newer and so far on par with it: Throughput and security are comparable. It goes easier on resources, though (which, again, on desktop is negligible because of built-in AES).

If you still want to try ChaCha20, as written before, check the checkbox or add the directive I posted further up. Can you break something with it? Nope, your connections will work just like before.

[Huitzilopochtli 1]

On 1/28/2022 at 8:02 PM, OpenSourcerer said:

Everytime people change things in IT they don't understand, a kitten is killed somewhere in the world.
As written, you'd use ChaCha20 for less potent machines (think, pre-2010 maybe) or on ARM-based devices like mobiles; it can deliver a better throughput there. On desktop, just go with the default; you can't do anything wrong with that.
As for comparison, AES is a long-standing, battle-proven cipher used for all kinds of purposes. It's so ubiquitous that support for it was built-in into processors, that's why CPUs can handle high throughputs, too. ChaCha20 is newer and so far on par with it: Throughput and security are comparable. It goes easier on resources, though (which, again, on desktop is negligible because of built-in AES).

If you still want to try ChaCha20, as written before, check the checkbox or add the directive I posted further up. Can you break something with it? Nope, your connections will work just like before.

thanks for your help and tips