AES is considered a strong symmetric encryption algorithm.
AES, like all block ciphers, is not secure without an appropriate and correctly configured mode of operation.

Last Updated Thu, 12 Dec 2018 12:00:01 -0400

Overview:

Advanced Encryption Standard, or AES, is a symmetric encryption algorithm. AES is also a block cipher, encrypting data in 128-bit chunks. As there are no known vulnerabilities against the AES cipher, it is considered safe to use so long as a proper mode of operation is chosen and is correctly configured. AES is a common choice to replace obsolete algorithms such as DES. AES is considered a reasonably efficient algorithm in terms of speed and memory requirements and is also a federal government standard in the United States, as approved by the Secretary of Commerce.

Like most modern symmetric ciphers, AES is often used for “bulk encryption”, meaning the encryption and decryption of large amounts of data. Accordingly, AES is used in communication protocols such as TLS and IPSec for encrypting network traffic, and is also found in file/folder/disk encryption applications.

In terms of configuration, AES must be configured with a key size, which can currently be 128 bits (16 bytes), 192 bits (24 bytes), or 256 bits (32 bytes). While 128-bit keys are still in use, 256-bit keys should be used when possible. Even though 128-bit keys are still strong enough, 256-bit keys will last longer against future improvements in computing power, including quantum computing.

AES also requires selecting a mode of operation. Common AES modes include:

AES-GCM is a combined mode of operation, or authenticated encryption. Authenticated encryption should be used whenever possible.

Getting Started:

Introduction to using AES ciphers in source code. Examples in Python and C++ illustrate the basic encryption/decryption operations as well as configuring the mode of operation and key generation.
An overview of where and how AES is often used in common IT applications such as the TLS module in Apache server and IPSec.
A guide to the use of AES encryption in your organization including a discussion of standards.

Best Practices and Advisories:

  1. (Warning) Never Use ECB:
    Do NOT use the Electronic Code Book (ECB) mode of operation. This is only for testing!
  2. (Best Practice) Use 256-bit Keys:
    When possible, use 256-bit keys. This is especially true for data that may remain encrypted for very long periods of time.
  3. (Best Practice) Authenticated Encryption:
    Authenticated encryption modes, such as AES-GCM, are almost always a good choice. These modes both encrypt the data and protect it from modifications.
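
The three advisories above, side by side, as an added example that is not part of the original page: ECB repeats ciphertext blocks for repeated plaintext blocks, while AES-GCM with a 256-bit key hides them and rejects modified ciphertext. It assumes the third-party Python `cryptography` package; the function names and the sample message are constructed for illustration.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

BLOCK = 16      # AES block size in bytes (128 bits)
NONCE_LEN = 12  # 96-bit nonce, the usual size for GCM

def new_key() -> bytes:
    """Generate a random 256-bit (32-byte) AES key."""
    return AESGCM.generate_key(bit_length=256)

def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB, shown only for comparison; input must be a multiple of 16 bytes."""
    enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
    return enc.update(plaintext) + enc.finalize()

def repeated_blocks(data: bytes) -> int:
    """Count 16-byte blocks that duplicate an earlier block."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return len(blocks) - len(set(blocks))

def gcm_encrypt(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Return nonce || ciphertext || tag, with a fresh random nonce per message."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)

def gcm_decrypt(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag and decrypt; raises InvalidTag if anything was modified."""
    return AESGCM(key).decrypt(blob[:NONCE_LEN], blob[NONCE_LEN:], aad)

def tamper_detected(key: bytes, blob: bytes) -> bool:
    """Flip one ciphertext bit and report whether decryption is refused."""
    modified = bytearray(blob)
    modified[NONCE_LEN] ^= 0x01
    try:
        gcm_decrypt(key, bytes(modified))
    except InvalidTag:
        return True
    return False

if __name__ == "__main__":
    key = new_key()
    message = b"sixteen byte blk" * 4  # constructed sample: four identical blocks
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(key, message)))
    blob = gcm_encrypt(key, message)
    print("GCM repeated blocks:", repeated_blocks(blob[NONCE_LEN:]))
    print("GCM tamper detected:", tamper_detected(key, blob))
```

A GCM nonce must never be reused with the same key; generating a fresh random nonce per message and storing it alongside the ciphertext, as done here, is one common way to meet that requirement.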

For more details check the FAQ for this algorithm.