How does the Rijndael encryption algorithm work?

Also known by the abbreviation AES

Securely transmitting highly confidential information without granting access to unauthorised parties has always been a challenge. Early forms of “secret languages” – such as simple letter shifts – can be broken trivially with modern computing power. Today, we protect data using cryptographic methods that are mathematically well-defined and whose security has been subject to public review.

Such methods use a key that is known only to the sender and the recipient. Encryption and decryption are performed by a cipher (encryption algorithm) – a clearly specified mathematical procedure.

Password Depot encrypts your confidential data with the Rijndael algorithm, which is standardised as AES (Advanced Encryption Standard).

In the following, we explain the algorithm and place it in its technical context.

Advanced Encryption Standard (AES) – the standardised variant of Rijndael

The U.S. National Bureau of Standards (today NIST) standardised the DES algorithm in 1977; this standard was withdrawn in 2005 because it was no longer considered sufficiently secure (NIST announcement). As its successor, NIST selected Rijndael in 2001 and based the Advanced Encryption Standard (AES) on this algorithm (FIPS 197).

Important: AES is a subset of the Rijndael family. AES fixes the block size at 128 bits and allows keys with lengths of 128, 192 or 256 bits (NIST notice, FIPS 197 (PDF)).

AES is approved for protecting U.S. government information up to the TOP SECRET level (see the CNSSP-15 Fact Sheet and the current CNSA 2.0 FAQ from the NSA).

How Rijndael/AES works (short overview)

Rijndael is a substitution–permutation network cipher. Its core ideas are byte-wise substitutions, linear transformations and XOR operations.

Processing on block level (128-bit “state”)

  • Key expansion (Key Schedule): From the initial key, Nr + 1 round keys are derived (for example, 11 for AES-128, 13 for AES-192 and 15 for AES-256). Source: FIPS 197.
  • Initial round: AddRoundKey – the plaintext block (represented as a 4×4-byte matrix) is combined using XOR with the first round key.
  • Rounds 1 … Nr:
    • SubBytes: Each byte is replaced via an S-box (multiplicative inverse in GF(2^8) followed by an affine transformation with the constant 0x63). Source: FIPS 197.
    • ShiftRows: The rows of the state matrix are shifted cyclically.
    • MixColumns: The columns are mixed by matrix multiplication over GF(2^8).
    • AddRoundKey: XOR with the respective round key.
    Note: In the final round, the MixColumns step is omitted. The number of rounds is 10/12/14 for keys of length 128/192/256 bits (FIPS 197).

AES can be implemented in software, firmware or hardware (FIPS 197). For practical use, different modes of operation are applied, such as CBC, CTR or GCM (authenticated encryption). Recommendations are provided in NIST SP 800-38A and NIST SP 800-38D (GCM/GMAC).

Important classification note: AES is a symmetric cipher for data encryption. Key exchange is typically handled by asymmetric schemes ((EC)DH/RSA). However, AES can be used to wrap keys securely (“Key Wrap”) – see NIST SP 800-38F.

Official specification

You can find the reference specification here: https://csrc.nist.gov/files/pubs/fips/197/final/docs/fips-197.pdf

Brute-force attacks

Brute-force means that an attacker tries all possible keys. Classical schemes such as DES with only 56-bit keys can today be broken in practice using this approach – NIST therefore officially withdrew DES in 2005 (NIST).

Modern schemes such as AES with 128/192/256-bit keys, by contrast, have an astronomically large key space. In practice, the decisive factor is less the algorithm itself and more the key derivation from passwords and the quality of the master password you choose.

Password Depot further mitigates brute-force attacks by using a delay function: after an incorrect master password entry, the application remains locked for several seconds.

Conclusion: With correct implementation, suitable modes of operation (for example GCM) and sufficient key length, AES is currently regarded as very secure in the long term.
