Showing results for 
Search instead for 
Did you mean: 
Create Post

Advanced Encryption Standard (AES): the One that Really Matters

Level 13

If anyone can break your code, then potentially everyone can break it. The difference between anyone and everyone is just access to the right tools and the time to apply them.

You may remember that in 2004 a retired engineer named Mark Klein blew the whistle on a National Security Agency (NSA) electronic surveillance tap setup in Room 641A at the AT&T building in San Francisco, CA. Fiber optic lines in the trunks carrying internet backbone traffic through the building are beam-split to feed Narus Sta 6400 deep packet inspection devices in this secure room.

The Narus devices are capable of looking at every packet of data passing through the internet backbone in real-time (10-gigabit-per-second), filtering all the data into a pipeline for warehouse storage. William Binney, a former director of NSA operations, estimates that 10 to 20 of similar rooms are setup in telecommunications facilities geographically distributed across the US.

It's all part of the formerly secret project called Stellar Wind; though illegal at the time, the project became retroactively legal with The FISA Amendment Act of 2008 and continues today.

Narus devices cannot inspect packets encrypted with AES; nor can any other data-mining system currently available. AES-encrypted data are like unbreakable nuts swallowed whole into the vast storage system. Even when the NSA's new 1 million square foot datacenter in Bluffdale, Utah comes online in 2013, the NSA will be no more capable of cracking AES-encrypted data. Crypto experts confidently dismiss brute force computer attacks on the Rijndael algorithm (underlying AES), saying that such an effort would take longer than the age of this universe.

Yet, building out their big data Leviathan is the NSA's long-term gambit to succeed in both comprehensive surveillance and storage, and also at gaining cryptoanalytic access to the most secure of data. The growing and housing of a data set in the yottabytes (1 yottabyte = 1quadrillion gigabytes) along with petaflops of computing power are conjoined attempts to enable their crypto software the leverage of scale and speed. As the spookiest of NSA cryptoanalysts hypothesize, if their software establishes enough patterns among similar data, the code-breaking software may defeat the AES algorithm.

Should the NSA Leviathan break AES, and assuming no stronger encryption algorithm takes over, then everybody's data will be subject to whoever controls the system. No digital communication over the internet would be private.

For now, however, nobody and no system on Earth can decrypt AES if used with 192 or 256 bit key lengths. In fact, the US federal government requires AES with a 256 bit key length for encrypting digital documents classified as 'top secret.'

Encrypting your Data

So if you want the data flowing to and from your network to be truly secure, you should use IPsec tunnels on the WAN linking your LANS, use AES cipher suites for TLS in passing web and mail data, use SNMPv3 for polling MIBS in all network monitoring.

As far as network monitoring tools that support SNMPv3, SolarWinds offers Network Performance Monitor for monitoring nodes, Network Configuration Manager for configuration downloads and uploading configuration changes, and VOip & Network Quality Manager for watching the quality of traffic flow on your VoIP-enabled network.


Level 15

Nice info.

Level 7

Awesome, very nice explanation! I just ran across this guide: AES Encryption: An Explanation by WinZip Computing  and learned a bit about aes encryption, but I couldn't understand completely how it makes data so much safe, so I searched more and ran across your article, and you answered all my questions very simply. Thank you.

About the Author
If I were a HAL 9000 series computing machine I might be in an operational state on a space vessel somewhere in our little solar system, closer to Jupiter than Earth, with some probability of lethal malfunction; and to understate the obvious, I would not be helping anyone here on But I do or try to help people on watch their bits better. Therefore, I am probably not a HAL 9000 series computing machine. I alternate between feeling ambiguously clear (state='0' if you like) and clearly ambiguous (state='1' as it were). I enjoy verbing nouns.