
What is AES encryption?

Regarding Virtual Private Networks (VPNs), there are so many technical terms that regular users may need to learn. AES encryption is one of them. Used by a host of VPNs on the market, it’s been relied upon for many years to prevent data from getting seen by the wrong set of eyes.

Despite being over 20 years old, AES is still going strong to this day. But, just what is it? And how does it protect your private information? Read on to learn everything you need to know about AES encryption, its types, and what it’s commonly used for.

What is AES encryption?

AES (Advanced Encryption Standard) is a symmetrical cipher used for data encryption and decryption. Simply put, it scrambles data into chunks that cannot be read by those without access to an appropriate key. AES substitutes, transposes, and mixes data using a symmetric block cipher, making it harder to compromise.

DES (Data Encryption Standard) was used heavily throughout the 1990s. But it only offered 56-bit encryption – something that can be cracked in a matter of minutes using modern computers. A more robust encryption method was needed to keep opportunistic data thieves at bay.

Eventually, AES was developed by a pair of Belgian researchers. Government agencies like the NSA and large corporations such as Microsoft had adopted the new encryption method by 2005. And it soon became mainstream for use on firewalls and VPNs.

How does AES encryption work?

AES encryption scrambles data in small blocks instead of everything in one go. Each block comprises 16 bytes arranged in a 4 x 4 layout. These blocks then go through several rounds of encryption, depending on the cipher key length. Each round consists of these steps:

  1. Substitution. The 16 bytes are substituted by another byte each, according to a predetermined table called the Rijndael S-box.
  2. Shifting rows. Each row of the 16 bytes gets shifted a certain number of times. The first row remains unchanged, the second row is shifted to the left once, the third row is shifted to the left twice, and the final one is shifted to the left three times.
  3. Mixing columns. Each column of the block is then multiplied using a specific mathematical function. Four distinct bytes go in, and completely new four bytes come out after the matrix multiplication is done. This step isn’t performed in the last round, though.
  4. Adding round keys. Then the algorithm encrypts each column of the data block using a different portion of the encryption key.

This process is repeated several times according to the AES key length. The more times this happens, the harder it is to crack the code. This makes AES encryption essential for cybersecurity since it cannot be brute-forced due to all the changes data gets put through.

Types of AES encryption

The Advanced Encryption Standard (AES) differs according to the length of the key. All three use the same 128-bit blocks, but the blocks go through a different number of rounds of encryption:

  • 128-bit key length – 10 rounds
  • 192-bit key length – 12 rounds
  • 256-bit key length – 14 rounds

AES 128-bit encryption

With AES-128, the key is 128 bits long, hence the suffix. Without the cryptographic key, the encrypted data is completely incomprehensible. Is 128-bit AES secure? Yes, since data undergoes ten rounds during the encryption process.

Chunks of data are taken and mixed up according to a recipe determined by the cipher subtype. At this point, a key is generated, allowing anyone receiving the data to untangle the web of encryption.

Symmetric key algorithms (including AES-128) use the same key to encrypt and decrypt the message. It makes them faster than asymmetric ciphers; hence they are perfect for VPN data encryption.

AES 256-bit encryption

Brought in to replace AES-128, AES-256 is essentially a far more secure version of its predecessor. Utilizing 14 rounds of encryption instead of the 10-round encryption process adopted by AES-128, the current 256-bit encryption standard makes it far more difficult for hackers to decipher the information.

Is 256-bit AES secure? Utilized by the US government to protect sensitive data, it’s safe to say that AES-256 is one of the most secure methods of securing data (within the bounds of reason, of course). While it isn’t quite as fast as AES-128, AES-256 is most definitely the more secure cipher.

Which is better – AES-128 or AES-256 encryption?

Anyone looking to invest in a VPN will no doubt have come across the AES-128 and AES-256 encryption ciphers – both are seeing a lot of use. But, just which one is better?

The answer is context-dependent. In terms of security, both AES-128 and AES-256 are considered practically unbreakable using widely-available computers. However, the 256-bit version is naturally the more secure one and should protect users from most cybersecurity threats.

With that said, more encryption also means more time spent encrypting, which makes AES-128 the faster option (although the difference is not extreme). Hence, the tradeoff is between speed and security, with neither suffering particularly much in the current technological landscape.

What is AES encryption used for?

Although US government agencies primarily used it, many industries and services now widely utilize the AES encryption algorithm. Anything that requires confidential data to stay, well, confidential, is protected by the Advanced Encryption Standard.

Here are just some examples of AES encryption usage:

  • VPNs. These tools aim to secure your connections and hide you from snoopers. So, it’s no wonder AES 256-bit encryption is the standard for many VPN services.
  • Password managers. Login credentials are sensitive information that benefits from encryption, especially if you’re sharing them with other people. A proper password manager includes some form of AES encryption, either 128-bit or 256-bit.
  • Programming libraries. Java, Python, and C++ coding languages implement AES encryption in their libraries.
  • Wi-Fi. Usually combined with WPA2, the AES encryption algorithm is used to authenticate clients and routers. There are other encryption methods for wireless networks, but they are not as secure.
  • Browsing. AES is vital for web browsers as it allows users to access websites without compromising their security. To achieve this, it works in conjunction with SSL/TLS encryption protocols for server authentication both on the client and the server end.
  • Processors. Hardware-level encryption helps prevent low-profile risks, like meltdown failures, and bolsters security.

Keep in mind that this is just the tip of the iceberg. Mobile applications, compression tools, OS system components, online banking services, and plenty of other fields incorporate AES encryption to protect data.

Does AES encryption have any vulnerabilities?

Currently, the Advanced Encryption Standard remains virtually uncrackable. No successful attacks have been recorded, although cryptographers are constantly coming up with ways it could happen in theory.

The risk with AES primarily lies in how it can be implemented. If done incorrectly, it might have security holes that could be exploited. For example, side-channel attacks aim to pick up system data leaks, which cyber criminals could later use to try and brute force their way in.

Other forms of theoretical attacks include:

  • Related-key. These could target the encryption itself by figuring out the relationship between two different encryption keys.
  • Known-key. A malicious user could crack the code if they knew the key, which is a highly unlikely scenario since plaintext transformation into ciphertext happens at random.
  • Key-recovery. Requires the hacker to have a pair or more parts of the plaintext message and the corresponding ciphertext.

As you can see, these attacks require the cyber criminal to know some parts of the encryption key. Thus, your data is safe with AES encryption.

Best VPNs with AES encryption

Now that you've discovered everything you need to know about AES encryption, you’re probably wondering – which are the best VPNs that use this particular security protocol?

1. NordVPN

Rating: 9.8 (Top VPN provider)
Number of countries covered: 113
Number of servers: 6900
Support: 24/7, email
  • Industry-leading security measures
  • RAM-only hardware
  • Independently-audited no-logs policy
  • Only 6 simultaneous connections

NordVPN utilizes AES 256-bit encryption, along with DNS, IPv6, and WebRTC leak protection, to secure your internet traffic. The service also includes 2 kill switches – system-wide and app-level – to prevent accidental data leaks if the VPN connection drops. Plus, the provider boasts an independently-audited no-logs policy.

With an incredible server list of 6900+ RAM-only servers in 113+ countries, the value for money you get with NordVPN is hard to deny. With prices starting from just $2.99/month, you can benefit from decent speeds, flawless privacy practices, and excellent security without breaking the bank.

For a deeper investigation of NordVPN, read our NordVPN review.

2. Surfshark VPN

Rating: 9.5 (Top VPN provider)
Number of countries covered: 100
Number of servers: 3200
Support: 24/7, FAQ
  • Robust security tools
  • Fast with WireGuard
  • Unlimited simultaneous connections
  • Some features cost extra

Surfshark VPN is another service with AES 256-bit encryption, robust leak protection, and a system-wide kill switch. An independently-audited zero-logs policy indicates no data is stored on their servers, plus you get plenty of additional features. Camouflage and NoBorders modes, Rotating IP, MultiHop, and CleanWeb, are just a few of the security perks.

The provider offers a network of 3200+ RAM-only servers in 100+ countries, a superb implementation of WireGuard, and unlimited simultaneous devices. Surfshark is also considerably cheap, with subscriptions costing as low as $2.19/month.

For a deeper investigation of Surfshark VPN, read our Surfshark VPN review.

Conclusion

AES encryption is often considered the industry standard when it comes to data encryption, and not without reason. It’s virtually uncrackable, making it the most secure encryption method yet. We recommend utilizing it whenever possible to ensure your online data remains safe and secure.



FAQ

What type of encryption is AES?

Advanced Encryption Standard (AES) is a symmetric block cipher used to encrypt sensitive electronic information. It’s an essential part of cybersecurity, and you’ll find it utilized in many fields, from governments and banking to such internet security tools as VPNs.

Is AES the strongest encryption?

AES 256-bit encryption is the strongest encryption standard to this day. It’s virtually uncrackable, and it would take cyber criminals millions of years to brute force it.

Is AES encryption symmetric or asymmetric?

AES encryption is a symmetric algorithm. It means it uses the same 128, 192, or 256-bit key to both encrypt and decrypt data.

Is it possible to crack AES encryption?

AES is the strongest encryption yet and has never been cracked. Cryptographers can only come up with theoretical attacks against AES. Still, the key size used for encryption should be long enough to avoid it being cracked.

6 comments

  1. tunisha
    tunisha May 21, 2019 at 1PM

    I’m using ExpressVPN and I am a happy user. I think it offers great encryption. Yes, it’s slightly heavier on the pocket, but still, it works great



  2. Jewel Allaire
    Jewel Allaire May 21, 2019 at 12PM

    AES sounds pretty bad-as*. I know this article states it’s practically unbreakable (which means at some point I imagine someone could break it with the right resources and time) but do any governments have backdoor keys that they can use to sneak in and snoop? That’s always been one of my worries because I’ve heard rumors the U.S. government works with software firms to backdoor their way into so-called secure networks. Anyone know about this?



  3. 67879Bobby_Lawrence
    67879Bobby_Lawrence May 21, 2019 at 8AM

    AES also does end to end encryption of data. It means AES encryption is useful to VPN users, securing VPN data from leaking to the outside world or eyes of the surveillance agencies and hackers



  4. CohenIngram890
    CohenIngram890 February 24, 2019 at 3PM

    I can tell you that AES is one of the most reliable encryption tools for online users. It’s amazing and recommended for use. I can tell you why… It’s a time tested tool spanning over 20 years and it keeps evolving with time. Never relegated by speed of technological advancement



  5. Ben Campbell
    Ben Campbell February 7, 2019 at 8AM

    Ok great to know AES supports salt of hash or cipher, but does it support custom hash funcs like “sha1(md5(…))”

    Also does antivirus have the potential to access information stored inside AES?



  6. 1445Betty
    1445Betty February 6, 2019 at 8AM

    Never heard of Advanced Encryption Standard before now. I am glad to know that it is a reliable encryption tool with high level of security, speed and support, available to users of the internet.

