When you read "AES-256 encrypted" on a product, what does that actually mean? AES-256 is everywhere — Signal, iMessage, WhatsApp, your laptop's full-disk encryption, HTTPS, and pswdgen.com's secret sharing feature. Here's how it works, without the mathematics degree.
What Is AES?
AES stands for Advanced Encryption Standard. It's a symmetric block cipher, meaning:
- Symmetric: the same key is used to encrypt and decrypt
- Block cipher: it encrypts fixed-size chunks of data (128 bits = 16 bytes at a time)
AES was selected by the U.S. National Institute of Standards and Technology (NIST) in 2001 after a public competition, replacing DES. It was designed by Belgian cryptographers Joan Daemen and Vincent Rijmen (original name: Rijndael).
What Does "256" Mean?
The number refers to the key length in bits. AES supports three key sizes: 128, 192, and 256 bits. The key is the secret — the thing you encrypt with and decrypt with.
A 256-bit key has 2²⁵⁶ possible values. To put that in perspective:
- The number of atoms in the observable universe is approximately 10⁸⁰
- 2²⁵⁶ ≈ 1.16 × 10⁷⁷
- Even if every atom in the universe were a computer testing a trillion keys per second since the Big Bang, you'd have checked a negligible fraction of the keyspace
AES-128 is already considered computationally unbreakable. AES-256 adds a significant safety margin against future quantum computing advances (Grover's algorithm halves effective key strength, making 256-bit keys effectively 128-bit against quantum attacks — still unbreakable).
How AES Encrypts Data (Simplified)
AES takes a 128-bit block of plaintext and your key, runs it through 10–14 rounds of mathematical transformations, and produces 128 bits of ciphertext that looks like random noise to anyone without the key.
Each round applies four operations:
- SubBytes: each byte is replaced via a lookup table (S-box), adding non-linearity
- ShiftRows: rows of the 4×4 byte matrix are cyclically shifted
- MixColumns: columns are mixed via matrix multiplication in Galois field arithmetic
- AddRoundKey: the block is XORed with a round key derived from the original key
After 14 rounds (for AES-256), the output is indistinguishable from random. Reversing it without the key is computationally infeasible.
Block Cipher Modes: Why ECB Is Dangerous
AES encrypts 128-bit blocks. But real data is rarely exactly 16 bytes. This is where modes of operation come in — they define how AES handles data longer than one block.
ECB Mode (Electronic Codebook) — Never Use This
ECB encrypts each block independently. Identical plaintext blocks produce identical ciphertext blocks. This leaks patterns.
The famous demonstration: an image encrypted with AES-ECB still shows the original image's outlines because identical pixel blocks encrypt to identical ciphertext blocks. ECB is deprecated for any real-world use.
CBC Mode (Cipher Block Chaining)
Each block is XORed with the previous ciphertext block before encryption. This breaks the pattern problem. CBC requires a random Initialization Vector (IV) for the first block. It is secure for confidentiality, but it doesn't provide authentication: it doesn't detect whether the ciphertext was tampered with.
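The two points above can be checked with Node.js's built-in crypto module. This is an added example, not code from the original article; the sample plaintext and the function names are constructed for illustration. It counts distinct ciphertext blocks under ECB and CBC, then shows that CBC decrypts without any error after the IV has been changed in transit.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed sample input: the same 16-byte block repeated four times.
const SAMPLE = Buffer.from('amount=00001000;'.repeat(4), 'ascii');

// Padding is disabled because SAMPLE is already a multiple of 16 bytes.
function encrypt(mode, key, iv, plaintext) {
  const c = nodeCrypto.createCipheriv(mode, key, iv);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(plaintext), c.final()]);
}

function decrypt(mode, key, iv, ciphertext) {
  const d = nodeCrypto.createDecipheriv(mode, key, iv);
  d.setAutoPadding(false);
  return Buffer.concat([d.update(ciphertext), d.final()]);
}

// Number of distinct 16-byte blocks in a buffer.
function distinctBlocks(buf) {
  const seen = new Set();
  for (let i = 0; i < buf.length; i += 16) {
    seen.add(buf.subarray(i, i + 16).toString('hex'));
  }
  return seen.size;
}

function modeDemo() {
  const key = nodeCrypto.randomBytes(32); // 256-bit key from the CSPRNG
  const iv = nodeCrypto.randomBytes(16);  // fresh random IV for CBC
  const ecb = encrypt('aes-256-ecb', key, null, SAMPLE); // ECB takes no IV
  const cbc = encrypt('aes-256-cbc', key, iv, SAMPLE);

  // CBC has no integrity check: a one-bit change to the IV goes unnoticed
  // and changes the matching bit of the first plaintext block.
  const changedIv = Buffer.from(iv);
  changedIv[15] ^= 0x01;
  const altered = decrypt('aes-256-cbc', key, changedIv, cbc);

  return {
    ecbDistinct: distinctBlocks(ecb), // repetition is visible in the ciphertext
    cbcDistinct: distinctBlocks(cbc), // chaining hides the repetition
    alteredFirstBlock: altered.subarray(0, 16).toString('ascii'),
    restUnchanged: altered.subarray(16).equals(SAMPLE.subarray(16)),
  };
}

console.log(modeDemo());
```
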
GCM Mode (Galois/Counter Mode) — The Modern Standard
GCM is an Authenticated Encryption with Associated Data (AEAD) mode. It provides:
- Confidentiality: the data is encrypted and unreadable without the key
- Integrity: a 128-bit authentication tag verifies the ciphertext hasn't been tampered with
- Authenticity: proves the data was encrypted by someone with the key
#), which browsers never send to servers. The server stores only ciphertext — even if compromised, it cannot decrypt your data.
Key Derivation: From Password to AES Key
AES-256 requires a 256-bit (32-byte) key. Passwords are not 32 bytes. The process of converting a password into a cryptographic key is called key derivation.
The standard approach is PBKDF2, bcrypt, or (more modern) Argon2:
password + salt → [PBKDF2 / Argon2] → 256-bit key
The salt is a random value added to the password before hashing, preventing rainbow table attacks (precomputed hash lookups). Key derivation functions are intentionally slow, making brute-force attacks expensive.
For random session keys (not password-derived), a CSPRNG generates the key directly — no derivation needed.
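The key derivation step above and the GCM properties listed earlier fit together as follows. This is an added example using Node.js's built-in crypto module, not code from the original article or from pswdgen.com. The envelope layout, the function names and the PBKDF2 iteration count are assumptions of this example.

```javascript
const nodeCrypto = require('node:crypto');

// Assumed work factor for PBKDF2-HMAC-SHA256; tune it for your own hardware.
const ITERATIONS = 600000;

// password + salt -> 256-bit (32-byte) AES key
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, ITERATIONS, 32, 'sha256');
}

// Envelope layout (an assumption of this example):
//   salt (16 bytes) | nonce (12 bytes) | auth tag (16 bytes) | ciphertext
function seal(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16); // random per message
  const nonce = nodeCrypto.randomBytes(12); // must never repeat under one key
  const key = deriveKey(password, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), ct]);
}

// Returns the plaintext, or null when the tag does not verify
// (wrong password, or any byte of the envelope was modified).
function unseal(password, envelope) {
  if (envelope.length < 44) return null; // too short to hold the header
  const salt = envelope.subarray(0, 16);
  const nonce = envelope.subarray(16, 28);
  const tag = envelope.subarray(28, 44);
  const key = deriveKey(password, salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonce, {
    authTagLength: 16,
  });
  decipher.setAuthTag(tag);
  try {
    const pt = Buffer.concat([decipher.update(envelope.subarray(44)), decipher.final()]);
    return pt.toString('utf8');
  } catch {
    return null; // authentication failed: release no plaintext
  }
}

// Constructed sample values.
const demoEnvelope = seal('correct horse battery staple', 'meet at noon');
console.log(unseal('correct horse battery staple', demoEnvelope)); // round trip
```
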
AES-256 in Practice: HTTPS
Every HTTPS connection uses AES. During the TLS handshake:
- Your browser and the server negotiate cipher suites
- A session key is exchanged using asymmetric cryptography (RSA or ECDH)
- All subsequent communication is encrypted with AES using that session key
The cipher suite you typically see: TLS_AES_256_GCM_SHA384 — AES-256-GCM for encryption, SHA-384 for message authentication.
Is AES-256 Truly Unbreakable?
The honest answer: no encryption is "unbreakable" in an absolute sense. But practically:
- Brute force: computationally infeasible for the rest of human history at current and projected computing power
- Cryptanalysis: no practical attacks on AES are known. The best theoretical attacks (biclique) reduce AES-256's effective strength to ~254 bits — irrelevant in practice
- Quantum computers: Grover's algorithm gives a quadratic speedup against symmetric ciphers. For AES-256, this reduces effective security to 128 bits — still far beyond reach
AES is not the weak link. Your password is. A 4-character password encrypted with AES-256 is trivially broken — not by attacking AES, but by guessing the password.
Summary
- AES is a symmetric block cipher with a 128-bit block size
- AES-256 uses a 256-bit key with 14 rounds of transformation
- Always use GCM mode — it provides both confidentiality and authentication
- The key (or the password that derives it) is where security lives; AES itself is not the part you need to worry about
