Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • SolarWinds N-central Automate what you need. Tackle complex networks. Try this remote monitoring and management solution built to help maximize efficiency and scale.
    • SolarWinds RMM Start fast. Grow at your own pace. Try this powerful but simple remote monitoring and management solution.
    • SolarWinds EDR Defend against ransomware, zero-day attacks, and evolving online threats with Endpoint Detection and Response
    • SolarWinds Backup Manage data protection for servers, workstations applications, documents and Microsoft 365 from one SaaS dashboard.
    • Mail Protection & Archiving Protect users from email threats and downtime.
    • Password Management Easily adopt and demonstrate best practice password and documentation management workflows.
      • Passportal Demo
    • PSA & Ticketing Manage ticketing, reporting, and billing to increase helpdesk efficiency.
    • Remote Support Help support customers and their devices with remote support tools designed to be fast and powerful.
  • Solutions

    I'm looking for...

    • Security Solutions
    • Monitoring Solutions
    • Efficiency Solutions
  • Resources
    • Blog
    • Webcasts & Events
    • Ask the N-central Experts
    • Daily Live Demos
    • RMM Foundations Training
    • Upcoming Events
    • Upcoming Webcasts
    • Resource Center
    • COVID-19 Resources
    • Resource Library
      • Case Studies
      • Product Information
      • eBooks
      • White Papers
      • Infographics
    • SolarWinds MSP Free Tools
    • GDPR Resource Center
    • Security Resource Center
    • MSP Institute Webinar Series
    • MSP Advice Project
  • About
    • Contact
    • Customer Success
    • Worldwide sales and support
    • Careers
    • Awards and Recognition
    • Get A Quote
    • Newsroom
      • Press Releases
      • In The News
      • Media Contacts
      • COVID-19 Response
    • Leadership Team
    • Legal
      • Cookie Policy
      • Privacy Notice
      • Software Services Agreement
      • Terms of Use
      • Backup Fair Use Policy
    • Security
      • SolarWinds Security Statement
      • Vendor Data Protection Requirements
    • Support
  • IT Departments
  • Contact Sales
    • Get A Quote
    • General Inquiry
  • TRY NOW
    • SolarWinds RMM
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Passportal
    • SolarWinds N-central
    • SolarWinds Mail Assure
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Security Understanding AES 256 Encryption
Security

Understanding AES 256 Encryption

By SolarWinds MSP
29 July, 2019

Encryption is fundamental to contemporary internet security. An encryption system scrambles sensitive data using mathematical calculations to turn data into code. The original data can only be revealed with the correct key, allowing it to remain secure from everyone but the authorized parties. 

Organizations of all sizes across all industries rely on encryption to protect their data. Passwords, personal identification information, and private messages all need to be hidden from nefarious parties. But the strongest encryption requirements come not from companies, but from the U.S. government. Whenever national security is involved, strong measures must be taken to ensure data is saved and transmitted in an uncrackable format. How can federal agencies like the National Security Agency (NSA) protect their top secret information?

This is where the Advanced Encryption Standard (AES) comes in. Originally adopted by the federal government, AES encryption has become the industry standard for data security. AES comes in 128-bit, 192-bit, and 256-bit implementations, with AES 256 being the most secure. In this article, we’ll explain how AES 256 encryption works and how it can be used to protect your data. 

What Is AES 256-Bit Encryption?

AES was developed in response to the needs of the U.S. government. In 1977, federal agencies relied on the Data Encryption Standard (DES) as their encryption algorithm. DES was created by IBM with a 56-bit symmetric-key block cipher design and was used successfully for close to 20 years. By the 1990s, it was clear that DES was no longer sufficiently secure. In one public demonstration, distributed.net and the Electronic Frontier Foundation showed that they could break a DES key in only 22 hours. Per Moore’s Law, increased computing power meant that a 56-bit system was woefully inadequate against brute force attacks. A more sophisticated encryption standard was urgently needed.  

In response, the government announced a public competition to find a replacement system. Over five years, 15 initial entries were narrowed down to five finalists before a final winner was chosen. The tech security community lauded the open nature of the process, which subjected each of the encryption algorithms to public security. By doing so, the government could be sure that no system had a backdoor, and the chances of identifying and fixing flaws were maximized. 

In the end, the Rijndael cipher emerged victorious. A symmetric-key block cipher similar to DES but much more sophisticated, Rijndael was developed by—and named after—two Belgian cryptographers, Vincent Rijmen and Joan Daemen. In 2002, it was renamed the Advanced Encryption Standard and published by the U.S. National Institute of Standards and Technology.

The AES algorithm was approved by the NSA for handling top secret information soon after, and the rest of the technology world took notice. AES has since become the industry standard for encryption. Its open nature means AES software can be used for both public and private, commercial and noncommercial implementations. 

Today AES is a trusted system with widespread adoption. AES libraries have been developed for programming languages including C, C++, Java, Javascript, and Python. AES is used by file compression programs including 7 Zip, WinZip, and RAR; disk encryption systems like BitLocker and FileVault; and file systems like NTFS. It’s an important tool in database encryption as well as in VPN systems like IPsec and SSL/TLS. Password managers like LastPass, KeePass, and 1Password use AES, as do messaging programs like WhatsApp and Facebook Messenger. An AES instruction set is integrated into all Intel and AMD processors. Even video games like Grand Theft Auto IV use AES to guard against hackers. 

CTA Image

SolarWinds Take Control

Start a free, full-featured trial of SolarWinds Take Control Plus today. Once you start your trial, you’ll have the option to choose the paid version of either Take Control or Take Control Plus.

Take A Trial Learn More

How does AES 256 work?

AES is a symmetric key cipher. This means the same secret key is used for both encryption and decryption, and both the sender and receiver of the data need a copy of the key. By contrast, asymmetric key systems use a different key for each of the two processes. Asymmetric keys are best for external file transfers, whereas symmetric keys are better suited to internal encryption. The advantage of symmetric systems like AES is their speed. Because a symmetric key algorithm requires less computational power than an asymmetric one, it’s faster and more efficient to run. 

AES is also characterized as a block cipher. In this type of cipher, the information to be encrypted (known as plaintext) is divided into sections called blocks. AES uses a 128-bit block size, in which data is divided into a four-by-four array containing 16 bytes. Since there are eight bits per byte, the total in each block is 128 bits. The size of the encrypted data remains the same: 128 bits of plaintext yields 128 bits of ciphertext. 

How does AES work? The basic principle of all encryption is that each unit of data is replaced by a different one according to the security key. More specifically, AES was designed as a substitution-permutation network. AES brings additional security because it uses a key expansion process in which the initial key is used to come up with a series of new keys called round keys. These round keys are generated over multiple rounds of modification, each of which makes it harder to break the encryption. 

First, the initial key is added to the block using an XOR (“exclusive or”) cipher, which is an operation built into processor hardware. Then each byte of data is substituted with another, following a predetermined table. Next, the rows of the 4x4 array are shifted: bytes in the second row are moved one space to the left, bytes in the third row are moved two spaces, and bytes in the fourth are moved three. The columns are then mixed—a mathematical operation combines the four bytes in each column. Finally, the round key is added to the block (much like the initial key was), and the process is repeated for each round. This yields ciphertext that is radically different from the plaintext. For AES decryption, the same process is carried out in reverse. 

Each stage of the AES encryption algorithm serves an important function. Using a different key for each round provides a much more complex result. Byte substitution modifies the data in a nonlinear manner, obscuring the relationship between the original and encrypted content. Shifting the rows and mixing the columns diffuses the data, transposing bytes to further complicate the encryption. Shifting diffuses the data horizontally, while mixing does so vertically. The result is a tremendously sophisticated form of encryption. 

How secure is AES 256 encryption?

The National Institute of Standards and Technology selected three “flavors” of AES: 128-bit, 192-bit, and 256-bit. Each type uses 128-bit blocks. The difference lies in the length of the key. As the longest, the 256-bit key provides the strongest level of encryption. With a 256-bit key, a hacker would need to try 2256 different combinations to ensure the right one is included. This number is astronomically large, landing at 78 digits total. It is exponentially greater than the number of atoms in the observable universe. Understandably, the US government requires 128- or 256-bit encryption for sensitive data. 

The three AES varieties are also distinguished by the number of rounds of encryption. AES 128 uses 10 rounds, AES 192 uses 12 rounds, and AES 256 uses 14 rounds. The more rounds, the more complex the encryption, making AES 256 the most secure AES implementation. It should be noted that with a longer key and more rounds comes higher performance requirements. AES 256 uses 40% more system resources than AES 192, and is therefore best suited to high sensitivity environments where security is more important than speed. 

Is AES 256 crackable?

AES 256 is virtually impenetrable using brute-force methods. While a 56-bit DES key can be cracked in less than a day, AES would take billions of years to break using current computing technology. Hackers would be foolish to even attempt this type of attack. 

Nevertheless, no encryption system is entirely secure. Researchers who have probed AES have found a few potential ways in. In 2009, they discovered a possible related-key attack. This type of cryptanalysis attempts to crack a cipher by observing how it operates using different keys. Fortunately, the related-key attack is only a threat to AES systems that are incorrectly configured. 

That same year, there was a known-key distinguishing attack against AES 128. The attack used a known-key to discern the structure of the encryption. However, the hack only targeted an eight-round version of AES 128—not the standard 10-round version—so it would not be a major threat.

Since the AES cipher itself is so secure, the main risk comes from side-channel attacks. These don’t attempt a brute-force assault, but rather try to pick up information the system is leaking. Hackers can listen in to sounds, electromagnetic signals, timing information, or power consumption to try to discover how the security algorithms work. Side-channel attacks can be prevented by removing information leaks or masking the leaked data (by generating extra electromagnetic signals or sounds) so it doesn’t yield any useful information. A careful implementation of AES will guard against these side-channel risks. 

Of course, even the strongest cryptographic systems are vulnerable if a hacker gains access to the key itself. That’s why utilizing strong passwords, multifactor authentication, firewalls, and antivirus software is critical to the larger security picture. It’s also essential to educate employees against social engineering and phishing attacks. Properly trained users are the first line of defense. 

Besides its advanced technology, the open nature of AES 256 makes it one of the most secure encryption protocols. Researchers are constantly studying AES to uncover any potential vulnerabilities. Whenever one is discovered, users can take action to address the issue. 

SolarWinds® Backup and Take Control both have AES 256-bit encryption built in. SolarWinds Backup is a versatile solution, optimized for backing up physical and virtual servers, workstations, business documents, Office 365 Exchange, and OneDrive—secured both at rest and in transit with end-to-end encryption. Take Control allows you to store anything in a Secrets Vault, stored using multiple layers of encryption and a personal password unique to each technician who is granted access to the vault. Both SolarWinds Backup and Take Control utilize multifaceted implementations of AES 256 to effectively encrypt and protect your data.  

Interested in learning more about how to securely backup your servers and critical applications? Explore our product suite to see how you can be prepared for potential disasters.

 

Try SolarWinds Take Control Today

Start a free, full-featured trial of SolarWinds Take Control Plus today. Once you start your trial, you’ll have the option to choose the paid version of either Take Control or Take Control Plus.

Take a Trial

 

 

Understanding PGP Encryption
Types of Database Encryption Methods
Difference Between IPsec and SSL
You might also like...
Security

January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be

Security

December 2020 Patch Tuesday—A quiet(er) finish to a busy year in vulnerabilities

Security

Documentation Management API and Why It’s Important for the MSP Business

Security

What Is FIPS-140-2 Standard and When Is It Required?

Security

Malware-as-a-Service: A Crucial Reason Why Security Has Grown More Complex

Security

National Computer Security Day—It’s Not Just About the Computer Anymore

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be
  • TAP Blog Series: Maximizing Your Service Delivery Opportunity
  • Why Do MSPs Choose SolarWinds Backup? IT Central Station Finds Out
  • Seven Features Remote Assistance Software Should Have
  • TAP Blog Series: Creating Your Automation Strategy—Three Key Components You Must Have in Place
Categories:
  • Security (229)
  • Tips & Advice (122)
  • Best Practices (94)
  • Managed Services (86)
  • Backup & Disaster Recovery (82)
  • Business Growth (75)
  • The Head Nerds (74)
  • IT Support (41)
  • Business (39)
  • Cybersecurity (37)
  • Automation (36)
  • Operations (33)
  • Mail (33)
  • Remote Management (27)
  • ITSM (25)
  • Cloud Computing (21)
  • Networking (21)
  • Data (21)
  • Marketing (14)
  • Product (11)
  • PSA (10)
  • Mobile (4)
  • Risk Intelligence (4)
  • Service Desk (4)
  • Services & Support (4)
  • Internet of Things (3)
  • Customer Service (3)
  • Research & Trends (2)
  • Training (2)
  • GDPR (2)
  • Business Risk (1)
  • LOGICcards (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.