In 2011, Ponemon Research released a study that shook the business and hacker community to their digital core. Out of 583 U.S. companies, 90 percent of respondents claimed their computers had been hacked at least once in a year. That’s terrible news for companies, but thrilling news for hackers who continue to find ways to illegally gain access to other people’s data. Unless an Advanced Encryption Standard (AES) is in place.
In 2014, half of American adults had experienced a computer hack. Even more worrisome, the estimated annual cost over global cybercrime is $100 billion, according to go-gulf.com. The number of hackers rising from behind their laptops is astronomical. But many hackers fear AES encryption, a common encryption technology used by the U.S. military that is now used worldwide. Besides the military, e-commerce websites, banks and hospitals use AES encryption to protect consumers and clients from a data breach. So far, there’s been no major or successful cryptanalytic attacks against AES, which protects classified information and encrypts sensitive data. But how did AES this come about?
It all started with two Belgian cryptographers (a fancy word for the study of secret writing techniques) named Joan Daemen and Vincent Rijmen. They used cryptography algorithms, known as ciphers, and mathematic functions. No standards existed to promote a secure encryption algorithm until the Data Encryption Standard was published in 1977. However, the key size proved to be too small, leaving vulnerabilities and a painfully slow process. But the two cryptographers developed a symmetric block cipher (code used to conceal messages) comprised of three block ciphers, AES-128, AES-192 and AES-256.
The AES was adopted as industry standard by the U. S. National Institute of Standards and Technology (NIST) in 2001 after a three-year competition for the best encryption technique. Based off its creators’ names, AES is also called Rijndael.
What set AES apart? AES encrypts data with a secret key, and once decrypted, it uses the same secret key, but the operations are done in reverse. AES allows users to “hide” the relationship between an intended message and an encrypted message. Simply, it creates confusion. Depending on the block ciphers (AES-128, AES-192, AES-256), millions of different possible key combinations occur. Consider this number: AES-128 has more than 300,000,000,000,000,000,000,000,000,000,000 different key combinations.
Why do hackers fear AES encryption?
According to commsnetwork.com, it would one billion years for a “super-computer to crack the AES-128 algorithm using brute force.” To put it simply, AES encryption creates an unintelligible cipher block that leave hackers scratching their heads. Some officials, like Ozzie Diaz, president and CEO of AirPatrol, recognize the minor flaws in AES encryption, but still feel confident in the process.
“Can somebody repurpose and weaken the strength of the AES algorithm? Yes. That’s what cryptographers do,” he told TechNewsWorld in 2009. “But we don’t have to worry about AES being weakened anytime soon. Still, AES in theory has flaws. The bottom line is that AES isn’t broken.”
According to koftu.net, brute-forcing a 128-bit key using even the most advanced supercomputer would take 1.3 quadrillion years. Using a 256-bit key? It’s unfathomable to think how long it would take a cybercriminal to hack that!