Speedify Encryption Overview

This article explains how Speedify encrypts your internet traffic.

How Speedify Handles Encryption

Speedify is built from the ground up to be a fast VPN. While Speedify uses a custom bonding protocol to combine your connections, the encryption underneath is based on well-established industry standards and takes advantage of hardware acceleration so you get strong security without giving up speed.

The Core Transport Protocol

Speedify uses DTLS (Datagram Transport Layer Security) 1.2 as its core transport security protocol. This is a standards-based technology (RFC 6347) that provides the same level of encryption used to protect HTTPS websites. At the same time, it lets Speedify handle error correction directly, which gives you much better performance than other VPNs when dealing with dropped or unreliable packets on your connection.

Which Encryption Cipher Speedify Uses

Modern Devices: AES-256-GCM

On any recent phone or computer, Speedify uses AES-256-GCM (Advanced Encryption Standard, 256-bit, Galois/Counter Mode) encryption. This takes advantage of AES hardware instruction support built into modern CPUs, so encryption happens quickly with minimal impact on your speeds.

Older Devices: ChaCha20

If you have an older device that doesn't have hardware acceleration for AES, Speedify automatically switches to the ChaCha20 encryption cipher. ChaCha20 delivers fast encryption even on older phones without AES support, reaching speeds up to three times faster than the AES ciphers most other VPNs use on those same devices.

For more details on ChaCha20 performance, see Cloudflare's ChaCha performance testing. The relevant standards are RFC 7539 for ChaCha20 and RFC 7905 for ChaCha20 over DTLS.

Technical Details

As of Speedify version 13.0.0, the encryption cipher suites are:

• Hardware-supported devices: TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384
• Older devices (no AES hardware support): TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256

Both cipher suites are implemented using Google's BoringSSL library, the same security library that powers the Google Chrome browser.

For versions prior to 13.0.0, Speedify used AES-128 (Advanced Encryption Standard, 128-bit) encryption with the cipher suite TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256  on hardware-supported devices.