J
JW0914
Guest
As far as having a thorough understanding of 2048 and AES 256, I do not... I just know going with 256 > 128 and 2048 > 1024 creates a stronger encryption that will literally be uncrackable until at least 2100 via Moore's Law; however, quantum computing does exist, as do diamond processors [literally the best material to use for a processor] and Moore's Law does not apply to quantum computing. Both AES-128 and 1024 bit encryption have been cracked and a person is able to do so in a matter of days if they know what they're doing.
Now, is it likely your encryption will be cracked if you use either, it's not likely, but that depends on a number of factors. We all maintain private files, many of which are irreplaceable mementos, such as pictures, finance records, etc. on our network devices, and on the off chance your encryption is cracked on a VPN, it would allow an attacker unfettered access not just to your VPN, but all devices on the network that VPN points to. It simply isn't worth the risk, especially when there's no noticeable lag from utilizing AES-256 > AES-128 and 2048bit > 1024bit.
I'm self-taught for the most part with networking, and I only know what I've shared here from trial and error with my own VPN over the past 2 weeks or so. I do know while researching how to create and setup a VPN. I did come across an article that explained very nicely why you should use one over the other, and if I can find the bookmark, I'll post the link.
EDIT:
(There's a point to this, so bare with me)
Most don't realize just how easy it is to steal someone's identity, however if you've shopped from Amazon recently, you might have noticed if you attempt to add a new address, you have to verify a full credit card number for a card you have on file (a pain, if like me, you have an Amazon Credit Account and it's not an actual card, just a number, and Amazon doesn't print it on your bill).
This policy occurred after a reporter had his ipad/iphone hacked at home, which allowed access to his other network devices, and he had hundreds in fraudulent charges on Amazon because the attackers were able to get the last 4 of a card on file, along with another meaningless piece of info (might have been his street address or email) from his devices, then were able to call Amazon and they were able to take over his account because Amazon's policies at the time permitted the change with just the last four of card number. This journalist was able to track down the attackers, and after agreeing not to file charges, was able to get the attackers to explain how they had accomplished the attack.
This was either on 60 minutes, or possibly Frontline, about a year ago, but my point with this is if someone is able to successfully execute an attack and gain unfettered access to your VPN and LAN, it doesn't take but a few scraps of random information we all have on our devices to allow the attacker to cause serious, and quite stressful, damage to one's life and finances. One should always error on the side of caution when it comes to security, and is why, for example, a person who knows about networking will always tell you to set up a firewall to deny all traffic and add rules to allow allow what needs to be allowed out and allowed in. It's time consuming, tedious work, and due to this, most don't bother, leaving them with a false sense of security.
Now, is it likely your encryption will be cracked if you use either, it's not likely, but that depends on a number of factors. We all maintain private files, many of which are irreplaceable mementos, such as pictures, finance records, etc. on our network devices, and on the off chance your encryption is cracked on a VPN, it would allow an attacker unfettered access not just to your VPN, but all devices on the network that VPN points to. It simply isn't worth the risk, especially when there's no noticeable lag from utilizing AES-256 > AES-128 and 2048bit > 1024bit.
I'm self-taught for the most part with networking, and I only know what I've shared here from trial and error with my own VPN over the past 2 weeks or so. I do know while researching how to create and setup a VPN. I did come across an article that explained very nicely why you should use one over the other, and if I can find the bookmark, I'll post the link.
EDIT:
(There's a point to this, so bare with me)
Most don't realize just how easy it is to steal someone's identity, however if you've shopped from Amazon recently, you might have noticed if you attempt to add a new address, you have to verify a full credit card number for a card you have on file (a pain, if like me, you have an Amazon Credit Account and it's not an actual card, just a number, and Amazon doesn't print it on your bill).
This policy occurred after a reporter had his ipad/iphone hacked at home, which allowed access to his other network devices, and he had hundreds in fraudulent charges on Amazon because the attackers were able to get the last 4 of a card on file, along with another meaningless piece of info (might have been his street address or email) from his devices, then were able to call Amazon and they were able to take over his account because Amazon's policies at the time permitted the change with just the last four of card number. This journalist was able to track down the attackers, and after agreeing not to file charges, was able to get the attackers to explain how they had accomplished the attack.
This was either on 60 minutes, or possibly Frontline, about a year ago, but my point with this is if someone is able to successfully execute an attack and gain unfettered access to your VPN and LAN, it doesn't take but a few scraps of random information we all have on our devices to allow the attacker to cause serious, and quite stressful, damage to one's life and finances. One should always error on the side of caution when it comes to security, and is why, for example, a person who knows about networking will always tell you to set up a firewall to deny all traffic and add rules to allow allow what needs to be allowed out and allowed in. It's time consuming, tedious work, and due to this, most don't bother, leaving them with a false sense of security.
Last edited by a moderator: