Think You're Safe? ExpressVPN and Astrill Encryptions May be Cracked (and Backed) by the Government




Following a blog post written by Marc Bevand, multiple platforms have been calling into question the safety of VPN usage in China, especially two of the most popular, ExpressVPN and Astrill.

Using a virtual private network (VPN), as most of us do, creates a certain illusion that your online activities are being encrypted and re-routed through servers in other countries, and are thus safe from government watchdogs.

Bevand, who is currently traveling the world and testing various VPNs, used ExpressVPN while in China. Although it allowed him to jump the Great Firewall, it only uses a 1024-bit RSA key to encrypt data through connections. While that might not mean much to many of you (or me until I started doing this research), a 1024-bit key is weak encryption, and one that the government may have already cracked, garnering unlimited access to all the puppies and kittens you spend your days looking at.

Tech In Asia notes that Astrill uses the same 1024-bit RSA key encryption, despite the fact that a 2048-bit RSA key is recommended to elude potential snoopers, according to the standards of "governmental, academic, and private organizations providing guidance on cryptographic security," as stated by Bevand.

For perspective, Google made the switch to 2048-bit encryption over two years ago.

As for other VPNs, Golden Frog confirms a prediction made in 2003, which stated that 1024-bit keys were likely to be crackable by 2010. They claim that their VyprVPN is currently safe from being breached, and that they will continue to update their systems to ensure sound encryption in the future.

In the end, it all seems to come down to trust. A 2010 article from Astrill claims that Astrill 2.0 "generates unique 2048-bit private keys for each user and signs them with our Certificate Authority," quite contrary to Tech In Asia's blog post.

Additionally, we know very little about the people who run these VPNs and where their servers are actually located, which should mean that we all err on the side of caution when using their services rather than blindly believing our browsing history is in safe hands.

As Tech In Asia rightly points out, the government may already have the ability to block these VPNs, but why would it need to if it can access the information they purport to conceal?


By: Margaux Schreurs (Thebeijinger)

