What is AES Encryption? — Symmetric Encryption Explained
Definition
AES (Advanced Encryption Standard) is a symmetric block cipher standardized by NIST in 2001 that is now the most widely used encryption algorithm in the world. Symmetric means the same key is used for both encryption and decryption. AES processes data in fixed 128-bit blocks and supports key sizes of 128, 192, or 256 bits. It is used to encrypt data at rest (files, database columns) and data in transit (TLS uses AES to encrypt HTTPS traffic after the key exchange).
How It Works
AES applies a series of operations (SubBytes, ShiftRows, MixColumns, AddRoundKey) repeatedly for 10, 12, or 14 rounds depending on key size. Each round transforms the 128-bit block using round key material, in a way designed to resist differential and linear cryptanalysis. AES itself does not specify how multiple blocks are chained; that is the role of the mode of operation. CBC (Cipher Block Chaining) XORs each plaintext block with the previous ciphertext block before encrypting it, but it does not authenticate the result and is vulnerable to padding oracle attacks. GCM (Galois/Counter Mode) provides authenticated encryption: it encrypts and generates an authentication tag in the same operation, so tampering is detected at decryption.
Common Use Cases
- Encrypting sensitive data in databases (customer PII, payment data)
- Securing files before cloud storage upload with AES-256
- TLS/SSL uses AES-128-GCM or AES-256-GCM for HTTPS traffic encryption
- Full-disk encryption (BitLocker, FileVault use AES-256)
- Encrypting API secrets and configuration values at rest
Example
AES-256-GCM encryption:
Key: 32 random bytes (256 bits)
IV/Nonce: 12 random bytes (96 bits, unique per encryption)
Input: "sensitive data"
Output: ciphertext (same length as input) + 16-byte auth tag
Decryption requires: key + IV + auth tag (prevents tampering)
FAQ
- What is the difference between AES-128 and AES-256?
- AES-256 uses a 256-bit key (32 bytes) versus AES-128's 128-bit key (16 bytes). AES-256 has more rounds (14 vs 10) and provides a larger security margin. Both are considered secure for practical purposes — AES-128 is faster while AES-256 is preferred for high-security applications.
- What mode should I use — CBC or GCM?
- Always prefer AES-GCM for new systems. GCM provides authenticated encryption — it detects if the ciphertext was tampered with. CBC encrypts but does not authenticate, making it vulnerable to padding oracle attacks. Never implement CBC without also computing an HMAC over the ciphertext.
- Can I use the same IV (nonce) twice?
- Never reuse an IV with the same key, especially in GCM mode. Reusing an IV in GCM completely breaks the authentication and can reveal the keystream, allowing an attacker to decrypt messages. Always generate a fresh cryptographically random IV for each encryption operation.
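The AES-256-GCM example above and the FAQ answers on tampering and IV reuse, worked through in code. This is an added example, not part of the original page; it uses Node.js's built-in crypto module, and the function names and the nonce || ciphertext || tag layout are assumptions chosen for illustration.

```javascript
const crypto = require("crypto");

const NONCE_LEN = 12; // 96-bit nonce, as in the example above
const TAG_LEN = 16;   // 128-bit authentication tag

// Core AES-256-GCM encryption. Callers must never repeat a nonce under one key.
function encryptWithNonce(key, nonce, plaintext) {
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce, { authTagLength: TAG_LEN });
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, ct, cipher.getAuthTag()]);
}

// Normal entry point: fresh random nonce per message; returns nonce || ciphertext || tag.
function seal(key, plaintext) {
  return encryptWithNonce(key, crypto.randomBytes(NONCE_LEN), plaintext);
}

// Verifies the tag and decrypts; throws if the key or any byte of the message is wrong.
function open(key, sealed) {
  if (sealed.length < NONCE_LEN + TAG_LEN) throw new Error("message too short");
  const nonce = sealed.subarray(0, NONCE_LEN);
  const ct = sealed.subarray(NONCE_LEN, sealed.length - TAG_LEN);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, nonce, { authTagLength: TAG_LEN });
  decipher.setAuthTag(sealed.subarray(sealed.length - TAG_LEN));
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// True when a message with one flipped bit after the nonce is rejected.
function rejectsTampering(key, sealed) {
  const modified = Buffer.from(sealed);
  modified[NONCE_LEN] ^= 0x01;
  try { open(key, modified); return false; } catch (err) { return true; }
}

// Why nonces must be unique: with a repeated nonce the keystream repeats, so the
// XOR of two ciphertexts equals the XOR of the two (equal-length) plaintexts.
function repeatedNonceLeaksXor(key, p1, p2) {
  const nonce = crypto.randomBytes(NONCE_LEN);
  const body = (p) => encryptWithNonce(key, nonce, p).subarray(NONCE_LEN, NONCE_LEN + p.length);
  const [c1, c2] = [body(p1), body(p2)];
  return c1.every((b, i) => (b ^ c2[i]) === (p1[i] ^ p2[i]));
}

const demoKey = crypto.randomBytes(32); // constructed sample key: 32 random bytes
const demoSealed = seal(demoKey, Buffer.from("sensitive data"));
console.log(demoSealed.length, open(demoKey, demoSealed).toString(), rejectsTampering(demoKey, demoSealed));
```

In production code only `seal` and `open` would be exposed; `encryptWithNonce` is separated here so the repeated-nonce check can be shown.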