Jump to content
Not connected, Your IP: 3.22.42.189
Mas99

Wich is the strongest encryption

Recommended Posts

Hello

I use EDDIE VPN the first time .
It a real good VPN .
I just have a question , i use Eddie on my Andriod Grapheneos and want to know wich is the safest and strongest encrypyion algorithem. (CHACHA20/AES-256-GCM/AES-256-CBC )

Thanks a lot

Share this post


Link to post

CHACHA and AES are both super strong. CHACHA is more efficient on phones and so may give you better speeds and longer battery life. AES is more efficient on most computers because computers now are built with the AES-NI New Instruction set hardware extensions to support encryption. Google on how to verify your computer CPU has the AES-NI feature. 

The CBC alternative is also plenty strong but IIRC (my memory is always a question) differs in some details of initial negotiation that make GCM the slightly better alternative. Plenty of comparisons online if you want more. 

Share this post


Link to post
1 hour ago, SurprisedItWorks said:

AES is more efficient on most computers because computers now are built with the AES-NI New Instruction set hardware extensions to support encryption.


To build on that, AES can even be found in ARM CPUs nowadays, especially those supporting aarch64.
 
2 hours ago, SurprisedItWorks said:

The CBC alternative is also plenty strong but IIRC (my memory is always a question) differs in some details of initial negotiation that make GCM the slightly better alternative. Plenty of comparisons online if you want more. 


To answer Mr. Mas99's question about what the more secure cipher is, it's ChaCha20-Poly1305. For performance and, as written, with availability of AES instruction sets in CPUs, AES-256-GCM should be preferred. CBC should not be used.

Compared to AES, ChaCha20 is more resilient against certain kinds of attacks. For example, AES can be attacked with a carefully built timing-based attack in software. Some cryptographically interesting characteristics of AES render it slightly more prone for collision attacks, too. ChaCha20 solves those problems at least. In the end, abusing this is still quite an ordeal, so AES is still a good choice.

About CBC vs. GCM, both XOR ("randomize") the plaintext, but in different ways.
  • CBC XORs the plaintext with the preceding cipherblock (hence the name Cipher Block Chaining) and encrypts that. An attacker would know the previous cipherblock, though, and the ciphertext depends on that data.
  • GCM maintains something like a counter, an internal variable, and encrypts this, then XORs it with the plaintext. An attacker can't know this internal variable on which the ciphertext depends, therefore, GCM offers inherited security.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Both OpenVPN and Wireguard don't reinvent the wheel here, they do use the ciphers coded somewhere else, which is exactly why OpenSSL is a dependency. So no, it's not limited to OpenVPN or Wireguard.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Might be a silly question, but I was always curious about it: is there a (noticeable) difference when using AES or CHACHA on OpenVPN mobile, specifically iOS on let's say a modern iPhone (I got an iPhone 11)? I am just asking because I always read that CHACHA is recommended for mobile phones, but AES is selected by default when creating an OpenVPN config file for iOS with the AirVPN config generator.

I assume that even if AES is mainly for Desktop, that there is no difference on a modern smartphone and that CHACHA performance is mainly noticeable on older phones - but I'm not sure and maybe someone can explain. So far I've always used AES on OpenVPN iOS.

Share this post


Link to post
1 hour ago, spinmaster said:

I am just asking because I always read that CHACHA is recommended for mobile phones, but AES is selected by default when creating an OpenVPN config file for iOS with the AirVPN config generator.


Actually an interesting question. I've never seen a list of available instruction sets in Apple's Bionic chips. All I know is, they're ARM with a big/little CPU design (that is, part high-clocking CPUs for performance, part low-clocking CPUs for economy) and the newer devices have an ARMv8 CPU. I'd assume with the latter that AES is part of it, so the choice of AES makes sense.
You could put this to the test yourself, I think. Connect with both OpenVPN and Wireguard, download something being connected to the same server and keep an eye on CPU usage. That's the idea, can't really help you further than that.
 
2 hours ago, spinmaster said:

I assume that even if AES is mainly for Desktop, that there is no difference on a modern smartphone and that CHACHA performance is mainly noticeable on older phones


I'd correct this to "AES is for devices with AES-supporting CPUs", which is PCs from ~2010 and embedded devices from ~2020. For instance, my phone is aarch64 supporting the AES set, too, so I prefer an AES cipher over ChaCha20.
Since I very rarely use a VPN on my phone, I don't have extensive insight on which is better (and for what). But I tend to agree that ChaCha20 is better suited on older models, both security and performance-wise.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...