How secure is AES 256-bit encryption? An example.

The Advanced Encryption Standard (AES) is one of today's standards for data encryption. AES is a symmetric* encryption method. This means that the same key is used for both encryption and decryption (and must be known). AES uses a fixed block length of 128 bits and a defined key length of 128, 192, or 256 bits.

*Symmetric encryption methods: Unlike asymmetric encryption methods, where data is encrypted with a public key and decrypted with a (different) private key (thus using two different keys), symmetric encryption methods use the same key for both encryption and decryption.

Generally speaking: The longer the key or number of bits, the more securely the data is encrypted, and the more resources are needed for encryption and decryption. The terms AES 128, AES 192, and AES 256 refer to the bit length of the key.

A calculation example with AES 256:

Let's assume an attacker wants to crack our encryption. To illustrate, let's do a small calculation example for AES 256 bit:

• Key combinations: AES with 256 bit enables 2^256 different key combinations, that's 1.15792E+77 possible keys (115,792 followed by another 77 zeros). That's exactly 1,157,920,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 possible keys.
• CPU Performance: A current computer with a relatively powerful Intel® Core i7-7700k processor with 4 cores and 4.20 GHz clock rate per core can make about 16.8 billion attempts per second to crack the key (This is a theoretical calculation example; effectively it would be less since the CPU has many other tasks to handle and can't test a whole key with every clock cycle). We'll see that even if the attacker had 10,000 or even 1,000,000 CPUs available, the duration would only be marginally shorter.
• Duration: With 1.15792E+77 key combinations, divided by 16.8 billion attempts per second to crack the key, it takes an average of 6.89239E+66 seconds to decrypt the data.
• Duration in years: 6.89239E+66 seconds is about 2.18556E+59 years needed to crack the key. An unimaginably large number: That's a total of 218,556,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years!
• We now need to halve this number because over a large number of attempts, the key will on average be found after half of all theoretically possible keys (Compare this to an old bicycle lock with 3 digits from 0-9: There are 1000 combinations here (000-999). If we were to crack hundreds of such locks, we would need an average of 500 attempts per lock to open it, assuming the keys were perfectly randomly distributed).
• Of course, a serious attacker would have more computing capacity than in our example above, but even if they had a thousand or even ten thousand times the computing power, you would only need to remove 3 or 4 zeros from the number of years mentioned above (!!!).

The number of years it would take to crack a single AES key in this way is longer than the universe is old and longer than our sun has fuel left. Although some theoretical attack possibilities on AES have been found under certain conditions not present in practice, cracking AES is considered impractical. The attack methods found have no practical relevance because either the necessary conditions don't exist or because they only reduce the necessary cracking time by a few thousand years. It's therefore not surprising that AES 256 is currently considered uncrackable and thus secure, and at Backup ONE, we can guarantee the data security of all customer data through the use of this proven and hundreds of times peer-reviewed encryption method.

Conclusion

From a mathematical perspective, AES can be considered secure today and likely for quite some time to come. The calculation examples shown above demonstrate how long a theoretical attack would take and thus show that such an attack is not practical. This also explains the widespread use of AES.

Bonus for more information on the topic:
The security of AES 256 bit is very well visualized in this (English) video:

Test our solutions!

• Free and non-binding
• Full functionality
• 20 days trial
• Ready to use immediately