Blog

Encryption: AES

Posted on by Areyo Dadar
07
Dec

What is encryption: AES?

We’ve have heard the term “encryption” before, we know it’s some form of security and that it comes in forms such as passwords, but how does it work?

The most common standard of encryption is AES, also known as Advanced Encryption Standard.

AES is a standard that is universally used on almost every computer and is used on every secure Internet connection.

So what is AES and what does it do for my data?

There are three types of AES: AES-128, AES-192 and AES-256. The numbers after the AES refer to the number of bits used in the key.

AES-192 and AES-256 happen to be irrelevant to your identity protection needs (unless you happen to work in the NSA or DOD).

The focus will be on is AES-128– this is the current standard that almost all secured webpages use.

AES-128 is used mainly for its balance between versatility and speed. Say you would like to check your balance in your checking account, so you begin by opening your bank’s webpage.

This webpage will always have a green lock icon in the corner (if there isn’t it is highly advised to not enter any valuable data).

This means that your connection is encrypted so any communication from your computer to the website’s server will be through a locked “box.”

The way AES works is that your computer puts your data into that locked “box” and keeps the key while the website that you’re communicating with already has a copy of that key.

This keeps your data safe from anything on the internet that may be looking to find your data.

When your “box” arrives at the bank’s web servers it is unlocked using the key that the bank previously generated.

This process goes on until the session expires in which a new key must be generated.

This process of constant expiration and generation is also another method of keeping your data safe.

You may be asking, why should I trust AES-128 for all my identity needs?

The simple answer is because it’s the only secure encryption standard that will not fail.

AES has been tested numerous times by the National Security Agency and has been determined to meet the rigorous requirements for use.

Rest assured, the chances of having any AES-128 encryption cracked is 1 in 340282366920938463463374607431768211456 or the likelihood of being struck by lightning every minute of your life, while living underground.

However, AES can be vulnerable, most “cracks” that we may hear about are actually vulnerabilities found in the programs that encrypt data, rather than in the encryption itself (think of digging under a stone wall instead of running at it).

There are many security-vulnerability researchers out there who purposely attempt to crack these programs in order to root out these issues.

As a result, these vulnerabilities are quickly “patched” and sent out as updates to relevant consumers.

It’s recommended that all software updates for web browsers and operating systems be applied as soon as possible in order to minimize the window of vulnerability that may arise in the future.

 

Encryption: AES Resources

http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
http://csrc.nist.gov/archive/aes/round1/conf2/Schneier.pdf
http://www4.ncsu.edu/~hartwig/Teaching/437/aes.pdf
https://www.nsa.gov/ia/programs/suiteb_cryptography
http://www.theinquirer.net/inquirer/news/2102435/aes-encryption-cracked

Areyo Dadar

Leave a Reply

Your email address will not be published.