AES

AES is considered a strong symmetric encryption algorithm.
AES, like all block ciphers, is not secure without an appropriate and correctly configured mode of operation.

Last Updated Thu, 12 Dec 2018 12:00:01 -0400

Overview:

Advanced Encryption Standard, or AES, is a symmetric encryption algorithm. AES is also a block cipher, encrypting data in 128-bit chunks. As there are no known vulnerabilities against the AES cipher, it is considered safe to use so long as a proper mode of operation is chosen and is correctly configured. AES is a common choice to replace obsolete algorithms such as DES. AES is considered a reasonably efficient algorithm in terms of speed and memory requirements and is also a federal government standard in United States as approved by Secretary of Commerce.

Like most modern symmetric ciphers, AES is often used for “bulk encryption”, meaning the encryption and decryption of large amounts of data. Accordingly, AES is used in communication protocols such as TLS and IPSec for encrypting the network traffic, and is also found in file/folder/disk encryption applications as well.

In terms of configuration, the proper use of AES requires selecting a mode of operation. TODO link to mode of operation reading. AES also must be configured with a key size, which can currently be 128 bits (16 bytes), 192 bits (24 bytes), or 256 bits (32 bytes). While 128-bit keys are still in use, 256 bit keys should be used when possible. Even though 128-bit keys are still strong enough, 256-bit keys will last longer against future improvements in computing power including quantum computing.

Getting Started:

Introduction to using AES ciphers in source code. Examples in Python and C++ illustrate the basic encryption/decryption operations as well as configuring the mode of operation and key generation.
An overview of where and how AES is often used in common IT applications such as the TLS module in Apache server and IPSec.
A guide to the use of AES encryption in your organization including a discussion of standards.

Best Practices and Advisories:

  1. Never Use ECB. (Warning): Do NOT use the Electronic Code Book (ECB) mode of operation. This is only for testing!
  2. Do not Re-use Keys. (Warning): As with most symmetric ciphers, it is almost always wrong to re-use the same key for multiple encryption operations.
  3. GCM Mode. (Best Practice}: The GCM mode of operation (typically written AES-GCM) is almost always a very good choice. It both encrypts the data and protects it from modifications.

For more details check the FAQ for this algorithm.