A Single Shared Key
AES is a symmetric cipher: the same key both locks (encrypts) and unlocks (decrypts) the data. Think of it as a physical padlock where one key closes and opens it. That makes AES extremely fast — modern processors even have dedicated hardware instructions for it — but it raises one hard question: how do you get the key to the right person without anyone else seeing it? That key-sharing problem is solved separately, by public-key cryptography and ECIES.
AES is also a block cipher: it encrypts data 16 bytes at a time. Real files are far larger than 16 bytes, so a mode of operation (below) defines how those blocks are chained together to encrypt a whole file safely.
AES-128 vs AES-256
The number is simply the length of the key in bits. A longer key means more possible keys an attacker would have to try.
2128 possible keys — already far beyond brute force. Compact and fast; NDEVR uses it for short-lived access links.
2256 possible keys. Chosen for data meant to stay secret for decades; NDEVR uses it for stored files.
Both are considered unbreakable in practice. AES-256 is preferred when data must remain confidential for a very long time, because its larger key offers a wider safety margin against future advances — including the long-term prospect of quantum computers, which would effectively halve a key's strength but still leave AES-256 with a comfortable 128 bits of security.
CBC and GCM Modes
A mode of operation is the recipe for applying AES across many blocks. Two matter here:
- CBC (Cipher Block Chaining) — each block of plaintext is mixed with the previous block's ciphertext before being encrypted. This hides patterns: two identical paragraphs encrypt to completely different output. CBC needs a random initialization vector (IV) — a one-time random value that seeds the chain so the same file never encrypts the same way twice.
- GCM (Galois/Counter Mode) — an authenticated mode. As well as encrypting, it produces a short tag that proves the data wasn't altered. If even one bit is tampered with, decryption fails loudly instead of returning corrupted data. GCM gives you confidentiality and integrity in one step.
Why the IV matters
Reusing an IV with the same key is the classic mistake that breaks otherwise-strong encryption. A correct implementation draws a fresh random IV for every message from a cryptographically secure random generator, and stores it alongside the ciphertext (it isn't secret — it just needs to be unique).
Why It Can't Be Brute-Forced
“Just try every key” sounds simple until you count. AES-256 has 2256 keys — roughly a 78-digit number. If every computer on Earth tried billions of keys per second for the entire current age of the universe, the fraction of keys checked would still round to zero. There is no known shortcut: after more than twenty years as the world's most-studied cipher, AES has no publicly known practical attack that recovers a key faster than trying them all.
In the real world, encryption is almost never broken by attacking AES itself. It is broken by attacking around it — a weak password, a leaked key, a compromised device. That is why how a system manages and shares keys matters as much as the cipher, and why NDEVR keeps keys on your device rather than on its servers.
How NDEVR Uses AES
In NDEVR OWL, your files are sealed on your device with AES-256 before they are ever uploaded — the server only ever stores ciphertext. Each file gets its own random key; that key is then itself wrapped (using ECIES and AES-256-GCM) so only the people you choose can unlock it. Short-lived access links use AES-128, which keeps link payloads compact while the server validates them before any file data is sent. See OWL Encryption for the full key-sharing flow.
References & Further Reading
- NIST, FIPS 197: Advanced Encryption Standard (AES) — the official AES specification.
- NIST, SP 800-38A — block-cipher modes of operation (defines CBC).
- NIST, SP 800-38D — Galois/Counter Mode (GCM) and GMAC.
- Wikipedia, Advanced Encryption Standard — accessible overview and history.