AES Encryption Explained Simply

April 2026 · 7 min read · ToolsBox

AES (Advanced Encryption Standard) is the encryption algorithm that secures most of the world's digital communication. Your bank uses it, HTTPS uses it, your phone's storage uses it, and your messaging apps use it. Despite its ubiquity, most people have no idea what it actually does. This guide explains AES in plain English — what it is, how it works, and when you should use it.

What Is AES?

AES is a symmetric block cipher — an algorithm that encrypts and decrypts data using the same secret key. "Symmetric" means both the sender and receiver need the same key. "Block cipher" means it processes data in fixed-size chunks (128-bit blocks) rather than one character at a time.

AES was selected by the US National Institute of Standards and Technology (NIST) in 2001 after a five-year competition to replace the aging DES standard. The algorithm was designed by Belgian cryptographers Joan Daemen and Vincent Rijmen and was originally called Rijndael (pronounced "Rhine-dahl").

Since adoption, AES has withstood decades of cryptanalysis and is considered unbroken. It is the most widely deployed symmetric cipher in the world.

How AES Works

AES operates on 128-bit (16-byte) blocks of data. If your message is longer, it is split into blocks. If it does not fill the last block exactly, padding is added.

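Each block goes through a series of rounds — 10 rounds for 128-bit keys, 12 for 192-bit, and 14 for 256-bit. An initial AddRoundKey is applied before the first round; each round then applies four transformations, except the final round, which skips MixColumns: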

  1. SubBytes: Each byte in the block is replaced with a different byte according to a fixed substitution table (the S-box). This adds non-linearity — breaking any simple mathematical relationship between the key and the output.
  2. ShiftRows: The rows of the 4×4 block matrix are rotated by different amounts. This diffuses each byte across different columns.
  3. MixColumns: Each column is multiplied by a fixed polynomial in a Galois field. This ensures that changing one input byte affects all four output bytes in that column.
  4. AddRoundKey: The block is XORed with a 128-bit portion of the key schedule (a set of keys derived from the original key). This is where the key is actually applied.

After all rounds, the output is the ciphertext — which looks like random bytes and reveals nothing about the original data or the key.
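
The round transformations above, written out as a single-block AES-128 encryptor and run on the FIPS-197 Appendix C.1 test vector. This is an added teaching example, not code from ToolsBox; the function names are this example's own, and the code is not constant-time, so real applications should use a vetted library.

```javascript
// Multiply two bytes in GF(2^8) modulo the AES polynomial 0x11b.
function gmul(a, b) {
  let p = 0;
  for (let i = 0; i < 8; i++, b >>= 1) {
    if (b & 1) p ^= a;
    a = (a << 1) ^ (a & 0x80 ? 0x11b : 0);
  }
  return p;
}
// S-box entry = inverse in GF(2^8) followed by the fixed affine transform.
const rotl8 = (x, n) => ((x << n) | (x >> (8 - n))) & 0xff;
const SBOX = Array.from({ length: 256 }, (_, x) => {
  let inv = 0;
  for (let y = 1; y < 256 && x && !inv; y++) if (gmul(x, y) === 1) inv = y;
  return inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63;
});
// Key schedule: a 16-byte key becomes 11 round keys (176 bytes).
function expandKey(key) {
  const w = Array.from(key);
  for (let i = 16, rcon = 1; i < 176; i += 4) {
    let t = w.slice(i - 4, i);
    if (i % 16 === 0) {
      t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]];
      rcon = gmul(rcon, 2);
    }
    for (let j = 0; j < 4; j++) w.push(w[i - 16 + j] ^ t[j]);
  }
  return w;
}
// State is 16 bytes in column-major order: index = row + 4 * column.
const shiftRows = (s) => s.map((_, i) => s[(i % 4) + 4 * (((i >> 2) + (i % 4)) % 4)]);
const mixColumns = (s) => s.map((_, i) => {
  const c = i & ~3, r = i & 3;
  return gmul(s[c + r], 2) ^ gmul(s[c + ((r + 1) & 3)], 3) ^ s[c + ((r + 2) & 3)] ^ s[c + ((r + 3) & 3)];
});
function encryptBlock(block, key) {
  const rk = expandKey(key);
  let s = Array.from(block, (b, i) => b ^ rk[i]);          // initial AddRoundKey
  for (let round = 1; round <= 10; round++) {
    s = shiftRows(s.map((b) => SBOX[b]));                  // SubBytes, ShiftRows
    if (round < 10) s = mixColumns(s);                     // skipped in final round
    s = s.map((b, i) => b ^ rk[16 * round + i]);           // AddRoundKey
  }
  return s;
}
const fromHex = (h) => h.match(/../g).map((x) => parseInt(x, 16));
const toHex = (bytes) => bytes.map((b) => b.toString(16).padStart(2, '0')).join('');
// Plaintext and key from FIPS-197 Appendix C.1.
console.log(toHex(encryptBlock(fromHex('00112233445566778899aabbccddeeff'),
  fromHex('000102030405060708090a0b0c0d0e0f'))));
```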

AES Key Sizes: 128, 192, and 256

AES supports three key lengths:

  • AES-128: 128-bit key (16 bytes). 10 rounds. 2¹²⁸ possible keys — about 340 undecillion. Unbreakable by brute force with current or foreseeable technology.
  • AES-192: 192-bit key (24 bytes). 12 rounds. Rarely used in practice.
  • AES-256: 256-bit key (32 bytes). 14 rounds. 2²⁵⁶ possible keys. Required for US government top-secret classification. The extra security margin is theoretical — AES-128 is already computationally secure.

For most applications, AES-128 is sufficient. AES-256 is the choice for sensitive government data, long-term data storage (where quantum computing might eventually become a threat), or when regulatory compliance requires it.

AES Modes of Operation

AES on its own encrypts a single 128-bit block. For real messages of arbitrary length, a mode of operation specifies how to apply AES to multiple blocks:

  • ECB (Electronic Codebook): Encrypts each block independently. Simple but insecure — identical plaintext blocks produce identical ciphertext blocks, which can reveal patterns in the data. Avoid this mode.
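  • CBC (Cipher Block Chaining): XORs each plaintext block with the previous ciphertext block before encrypting. Requires a random Initialization Vector (IV) for the first block. Secure when used correctly: the IV must be fresh and unpredictable for every message, and because CBC does not detect tampering, it should be paired with a MAC.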
  • GCM (Galois/Counter Mode): The modern standard. Provides both encryption and authentication (AEAD — Authenticated Encryption with Associated Data). Detects tampering. Used in TLS 1.3 and most modern protocols. Recommended for new applications.
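  • CTR (Counter Mode): Turns the block cipher into a stream cipher by encrypting sequential counter values and XORing them with plaintext. Parallelizable and efficient, but a nonce/counter value must never repeat under the same key, and like CBC it provides no authentication.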
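
To show why ECB is the mode to avoid, this added example (not part of the original article) encrypts a constructed message containing a repeated 16-byte field under ECB and under CBC with Node.js's built-in crypto module, then counts repeated ciphertext blocks. The helper names and the sample record are assumptions of this example.

```javascript
const nodeCrypto = require('node:crypto');

// Encrypt under the given AES mode. Modes that take an IV get a fresh random
// one; it is not returned because this demo never decrypts.
function encrypt(algorithm, key, plaintext) {
  const iv = algorithm.endsWith('ecb') ? null : nodeCrypto.randomBytes(16);
  const cipher = nodeCrypto.createCipheriv(algorithm, key, iv);
  return Buffer.concat([cipher.update(plaintext), cipher.final()]);
}

// Count the 16-byte ciphertext blocks whose value occurs more than once.
// A non-zero count on real traffic or stored data is a strong hint of ECB.
function repeatedBlocks(ciphertext) {
  const seen = new Map();
  for (let i = 0; i + 16 <= ciphertext.length; i += 16) {
    const block = ciphertext.subarray(i, i + 16).toString('hex');
    seen.set(block, (seen.get(block) || 0) + 1);
  }
  return [...seen.values()].filter((n) => n > 1).reduce((a, n) => a + n, 0);
}

// Constructed sample: four identical 16-byte fields, then one different field.
const key = nodeCrypto.randomBytes(16);
const plaintext = Buffer.from('ACCOUNT=00000000'.repeat(4) + 'BALANCE=00001234');

const ecb = encrypt('aes-128-ecb', key, plaintext);
const cbc = encrypt('aes-128-cbc', key, plaintext);

console.log('ECB repeated blocks:', repeatedBlocks(ecb));
console.log('CBC repeated blocks:', repeatedBlocks(cbc));
```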

Encrypting Text Online

Our Encryption / Decryption tool lets you encrypt and decrypt any text using AES-256 with a passphrase. The tool derives a cryptographic key from your passphrase using PBKDF2 and encrypts your text entirely in the browser — nothing is sent to a server.

This is useful for protecting sensitive text snippets, notes, or small pieces of data that you need to store somewhere insecure (a shared document, an email, a public note) and later decrypt with the same passphrase.

For understanding hashing (the one-way alternative), read our article on What Is Bcrypt.

Frequently Asked Questions

What is AES encryption used for?

AES is used everywhere: HTTPS (TLS) encrypts web traffic with AES, Wi-Fi (WPA2/WPA3) uses AES to protect wireless connections, disk encryption (BitLocker, FileVault) uses AES-256, password managers encrypt your vault with AES, and most messaging apps use AES for message encryption.

Is AES-256 unbreakable?

AES-256 has never been broken. With 2²⁵⁶ possible keys, a brute-force attack is computationally impossible — even with all the computing power in the world. The weak points are typically the key management (how the key is generated, stored and shared), not the algorithm itself.

What is the difference between AES-128, AES-192 and AES-256?

The numbers refer to the key length in bits: 128, 192, or 256 bits. Longer keys have more possible values and are harder to brute-force. AES-128 is still considered secure for most purposes. AES-256 provides an extra margin for top-secret data or long-term security requirements.

Is AES encryption the same as hashing?

No. AES is symmetric encryption — you can encrypt and decrypt the same data using the same key. Hashing (MD5, SHA-256, bcrypt) is one-way — you cannot recover the original from the hash. Use AES when you need to store and retrieve secret data; use hashing when you only need to verify it.
