finker enforces HTTPS communication to protect the user against man-in-the-middle attacks. Servers use RSA certificates identified by hashing algorithms of the SHA-2 family. SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA).nnComplement to the HTTPS enforcement finker has earned the McAfee SECURE trustmark. Through continuous monitoring and daily malware scanning lets users know that the service is free from malware, phishing and other threats.
HMAC stands for keyed-Hash Message Authentication Code. A Message Authentication Code is a protection against data being altered in transit by an attacker who has the ability to read the data in real-time. Out of many possibilities on how to reliably authenticate messages, finker uses hashes (hence the H in HMAC).
To encrypt the control channel finker uses AES-256-CBC. AES is one of the most widely used encryption standards, based on the Rijndael cipher developed by Belgian cryptographers Joan Daemen and Vincent Rijmen. 256 refers to its size, 256-bit, the largest available. CBC stands for Cipher Block Chaining, which makes each message passed dependent on the previous one.
Data channel encryption protects against your information being visible to the parties that your data travels through. finker uses a symmetric encryption scheme, in which the key is negotiated using the elliptic curve Diffie-Hellman key exchange. finker servers use VPN service to negotiate and verify a secret key that is then used to encrypt the data for the entire session.
Perfect forward secrecy means that even if a dedicated adversary were somehow able to compromise communication during one session, they would not be able to decrypt any traffic from past sessions. That’s because our VPN service negotiates a new secret key every time you connect. Even if you remain connected to the VPN for an extended period of time, it automatically negotiates a new key every 60 minutes.