The Advanced Encryption Standard (AES), also called Rijndael, is a symmetric block-cipher with fixed 128-bit blocks and keysizes of 128, 192, or 256 bits. This algorithm is currently used by the U.S government for both classified and non-classified information, and has already phased out DES on all but legacy machines (triple DES is still authorized for government use, however). There were five finalists in the bid for the Advanced Encryption Standard, and the NSA analyzed all five and decreed them acceptable for encrypting non-classified government documents, but Rijndael was eventually chosen for unspecified reasons, and later authorized for use on classified documents.

If you need to encrypt data, using 256-bit AES keys in counter mode (CTR), and then appending a HMAC, is recommended by many security researchers.[1][2][3] This construction avoids many flaws in earlier systems: The AES standard uses a 128 bit block size, rather than the 64 bit block size which was suspected to be inadequate by the time of NIST's 1997 announcement of the AES contest. Keys that are 64 bits or less are suspected to be inadequate. Almost all side channel attacks require chosen inputs, which (which modes?) modes are in theory exposed to,[citation needed] and the ECB mode is even worse. CBC, CTR, EAX, and GCM are all considered strong modes as long as one authenticates the message before decrypting.[4]

Further reading edit


This page or section of the Cryptography book is a stub. You can help Wikibooks by expanding it.

  1. Colin Percival. "Cryptographic Right Answers".
  2. Jeffrey Goldberg. "Guess why we’re moving to 256-bit AES keys".
  3. Bruce Schneier. "Another New AES Attack". quote: "AES-128 provides more than enough security margin for the forseeable future. But if you're already using AES-256, there's no reason to change."
  4. "Which is the Best Cipher Mode and Padding Mode for AES Encryption?".