How does the encryption algorithm Rijndael work? (Also known by the abbreviation AES)

Transferring highly confidential information to a secure location without unauthorized access to that information presents many dangers. Over the centuries, people have made repeated attempts to develop particularly hard-to-decipher secret languages. From ancient Rome to the Second World War to the present day, orders were sent in encrypted form by statesmen and important commanders to deceive the enemy or keep the information out of the hands of unauthorized persons.

Unfortunately, these forms of encryption were usually very easy to crack. For instance, secret languages created by displacing letters are easy to decipher (e.g., today is a beautiful day = heute ist ein schöner Tag = heu teis teinsch önert ag). The weak point of all sophisticated secret languages is that once the key has been found, any text can be "translated". With the use of computers at the latest, it has become impossible to keep secret a key that is based on shifting letters.

Today, other encryption methods have to be used to avoid sharing confidential information with everyone. Here, too, a key is used that only the sending and the receiving side know. So-called encryption algorithms are used for encryption and decryption. An encryption algorithm is a mathematical method that defines how the data is converted.

Password Depot uses the encryption algorithm Rijndael or AES (Advanced Encryption Standard) to encrypt your confidential data.

This security algorithm is explained in more detail below.

Advanced Encryption Standard, AES or Rijndael for short

The US National Bureau of Standards developed a complicated encryption standard called DES (Data Encryption Standard), which offered unlimited data encryption capabilities. This encryption standard has been largely replaced by Rijndael encryption. The name Rijndael is derived from the names of the Belgian cryptologists and originators of this encryption method, Joan Daemen and Vincent Rijmen. With Rijndael, encryption is done with a 128-, 192-, or 256-bit key, which provides guaranteed increased security against brute-force attacks. In addition, this encryption method works three times faster than DES in software. This method can be used both for the secure exchange of keys and for the transmission of data with a length of 128 or 256 bits.

AES is approved in the United States for government documents with a high security classification.

This is how the encryption algorithm Rijndael works

Rijndael encryption is based on byte-by-byte substitution, swapping, and XOR.

The procedure looks like this:

  • From the 128-bit key, Rijndael in turn generates 10 128-bit keys.
  • These are stored in 4 x 4 tables.
  • The plaintext is also divided into 4 x 4 tables (each holding a 128-bit chunk).
  • Each of the 128-bit plaintext pieces is processed in a 10-round process (10 rounds on 128-bit keys, 11 on 192, 13 on 256).
  • Thus, the ciphertext is produced after the 10th round.
  • Each individual byte is substituted in an S-box and replaced by its reciprocal over GF(2^8).
  • Subsequently, a modulo-2 matrix is applied bitwise and the result is XORed with 63.
  • The rows of the tables are then shifted cyclically.
  • Then the columns are mixed by a matrix multiplication over the Galois field GF(2^8).
  • In each round, the result is XORed with the subkey for that round.

The security of this encryption method increases when Rijndael is performed several times with different round keys.

The official specification can be found at https://csrc.nist.gov/files/pubs/fips/197/final/docs/fips-197.pdf

Brute-force attacks

Brute-force attacks are very dangerous because every possible key is tried against a process. The attacker can spread a virus via the Internet, which secretly tries keys in the background and exchanges the results via a server. With these attacks, DES, for example, can be cracked within a very short time. More modern methods, such as Blowfish and Rijndael, are protected against brute-force attacks, as their key length can exceed 128 bits.

Password Depot also makes brute-force attacks more difficult with a delay function. This causes the program to remain locked for a few seconds after an incorrectly entered master password.

And one thing is certain: since the key length in Rijndael can vary as desired, this modern security algorithm is considered safe for a very long time from today's perspective.
