What are different VPN Protocols?

VPN solutions are based on different VPN security protocols. Each of these VPN protocols offer different features and levels of security. Some of the VPN protocols commonly used are explained below:


  1. Internet Protocol Security or IPSec:

    Internet Protocol Security or IPSec is used to secure Internet communication across an IP network. IPSec secures Internet Protocol communication by authenticating the session and encrypts each data packet during the connection.
    IPSec operates in two modes, Transport mode and Tunneling mode, to protect data transfer between two different networks. The transport mode encrypts the message in the data packet and the tunneling mode encrypts the entire data packet. IPSec can also be used with other security protocols to enhance the security system.

  2. Layer 2 Tunneling Protocol (L2TP):

    L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is usually combined with another VPN security protocol like IPSec to create a highly secure VPN connection. L2TP creates a tunnel between two L2TP connection points and IPSec protocol encrypts the data and handles secure communication between the tunnel.

  3. Point – to – Point Tunneling Protocol (PPTP):

    PPTP or Point-to-Point Tunneling Protocol creates a tunnel and encapsulates the data packet. It uses a Point-to-Point Protocol (PPP) to encrypt the data between the connection. PPTP is one of the most widely used VPN protocol and has been in use since the time of Windows 95. Apart from Windows, PPTP is also supported on Mac and Linux.

  4. Secure Sockets Layer (SSL) and Transport Layer Security (TLS):

    SSL (Secure Sockets Layer) and TLS (Transport Layer Security) create a VPN connection where the web browser acts as the client and user access is restricted to specific applications instead of entire network. SSL and TLS protocol is most commonly used by online shopping websites and service providers. Web browsers switch to SSL with ease and with almost no action required from the user, since web browsers come integrated with SSL and TLS. SSL connections have https in the beginning of the URL instead of http.

  5. OpenVPN:

    OpenVPN is an open source VPN that is useful for creating Point-to-Point and Site-to-Site connections. It uses a custom security protocol based on SSL and TLS protocol.

  6. Secure Shell (SSH):

    Secure Shell or SSH creates the VPN tunnel through which the data transfer happens and also ensures that the tunnel is encrypted. SSH connections are created by a SSH client and data is transferred from a local port on to the remote server through the encrypted tunnel.



– Captain Krypto πŸ™‚


Feel free to get in touch with Kryptotel for any further information about encrypted smartphones. You might as well be interested in KryptoPhone – the customized encrypted smartphone by Kryptotel. To know more about KryptoPhone, please visit us at: www.kryptotel.net.

How Secure is WhatsApp’s Encryption?

How Secure is WhatsApp’s Encryption?


WhatsApp, one of the most popular messaging app service, in April this year, announced that the service would now use end-to-end encryption to secure user communication. The service would benefit 1 billion+ users of the messaging across all devices.

End-to-end encryption (E2EE) is a secure way of communication where only the actual users involved in the communication can access the messages in the chat. Eavesdroppers, cyber-criminals and hackers, telecom companies, Internet Service Providers or government agencies cannot read the messages. Even the company that has built the application will not read the messages.

WhatsApp on its website says, β€œWhatsApp’s end-to-end encryption is available when you and the people you message use the latest versions of our app. Many messaging apps only encrypt messages between you and them, but WhatsApp’s end-to-end encryption ensures only you and the person you’re communicating with can read what is sent, and nobody in between, not even WhatsApp. This is because your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages.”

This means WhatsApp will now have end-to-end encryption by default. WhatsApp’s end-to-end encryption (E2EE) will ensure that all communication between two users will secure and cannot be read by anyone else. Text messages, Audio/Voice notes, videos, pictures, everything will now be encrypted and cannot be read by anyone except the sender and the receiver. Not even the WhatsApp.

[blockquote author=”” link=”” target=”_blank”]Although it is a welcome that step that WhatsApp is finally an encrypted messaging service, but the question that now arises is β€œhow secure is WhatsApp’s end-to-end encryption?”. We will break down encryption in WhatsApp and how secure it actually is.[/blockquote]


WhatsApp had partnered with Open Whisper Systems to design its new end-to-end encryption feature which is based on Signal Protocol.

According to the whitepaper issued by WhatsApp, once the session has been established, clients need not rebuild new sessions with each other until the session is ended by the users.

The whitepaper further explains how encryption takes place in WhatsApp. It reads, β€œclients exchange messages that are protected with a Message Key using AES256 in CBC mode for encryption and HMAC-SHA256 for authentication. The Message Key changes for each message transmitted, and is ephemeral, such that the Message Key used to encrypt a message cannot be reconstructed from the session.”

[blockquote author=”” link=”” target=”_blank”]All this sounds good so far. Whether the security and privacy that WhatsApp talks about is enough for the user or not, is for the user to decide. Not for us. But here are our two cents on WhatsApp encryption.[/blockquote]

WhatsApp might still collect your metadata.

While the end-to-end encryption might ensure that the contents of the message are not accessed by unauthorized users or even by the WhatsApp, but WhatsApp itself might store metadata. This means the phone numbers involved in the conversation as well as the timestamp on the messages are stored on the servers of the company. Collecting metadata could give out information like who the user communicated with, the time of the communication, how often the two users communicate with each other, the location of the two users at the time of communication, etc.

WhatsApp is owned by Facebook

WhatsApp was acquired by Facebook in the year 2014. Facebook is considered one of the least privacy minded company in the market. There also have been some reports doing rounds on the Internet that Facebook supplies government with reports and information. So if that’s the case then it makes little sense that a messaging app owned by a least privacy minded company would not share information of the users to the government agencies.

Messaging Apps with higher grade of encryption available in the market.

Now that the popular messaging app WhatsApp has decided to go with end-to-end encryption, it is not the best encrypted messaging app available in the market. There are many other messaging apps in the market today which offer higher grade of encryption. Some apps even provide military grade of encryption and multiple levels of security.
So if a user is concerned about privacy and security then WhatsApp might not be the best option for that user. The market is wide open when it comes to encrypted messaging apps.

Providing encryption to a billion users free of cost?

WhatsApp has a billion users and providing end-to-end encryption to a billion users is a stupendous task and the efforts must be appreciated. But the question that arises in people’s minds is why is WhatsApp offering encryption at no cost at all? Why is it free of charge? Where does WhatsApp make money from?!

Please feel free to add in your thoughts in the comments section below. We would appreciate your valuable contribution.

– Captain Krypto πŸ™‚


For users interested in messaging apps with higher grade of encryption, please visit: Military Grade Encryption VoIP Apps


Feel free to get in touch with Kryptotel for any further information about encrypted smartphones. You might as well be interested in KryptoPhone – the customized encrypted smartphone by Kryptotel. To know more about KryptoPhone, please visit us at: www.kryptotel.net.