AES (Advanced Encryption Standard) is the most widely used encryption standard in the world, adopted by the U.S. government and most modern security systems. It is a symmetric block cipher, meaning it uses the same key to encrypt and decrypt data. It processes 128-bit blocks and can use different key lengths, which determine its level of security and performance.

It was adopted in 2001 when the U.S. National Institute of Standards and Technology (NIST) selected the Rijndael algorithm as the official encryption standard to replace the older standard (DES). This algorithm was created by Vincent Rijmen and Joan Daemen.

It is the default algorithm across the digital world, present in websites (HTTPS), SSH connections and Wi-Fi (WPA2/WPA3), among others. It is a symmetric cipher, since it uses the same key for both encryption and decryption. Each data block consists of 128 bits.

AES currently comes in three key sizes: AES-128, AES-192, and AES-256, which use 10, 12, and 14 rounds respectively.

Rounds or Iterations in AES

Rounds are internal iterations that the algorithm uses to transform plaintext into secure ciphertext. In each iteration, the algorithm executes operations that include: SubBytes, ShiftRows, MixColumns, AddRoundKey.


| Operation | Description |
| --- | --- |
| SubBytes | Non-linear substitution of each byte using an S-Box table. |
| ShiftRows | Shifting the rows of the data array to mix the information. |
| MixColumns | Mathematical merging of the columns (not applied in the last round). |
| AddRoundKey | Combination with a subkey derived from the main key. |


The certificates we offer at MOX rely on all of these operations, covering everything from hosting with SSL certificates to VPN encryption using AES-256 ciphers.

AES-128 encryption

  1. Key length: 128 bits.
  2. Security: Considered extremely secure; no known practical attack has broken it.
  3. Performance: Very fast and efficient, especially on hardware with AES-NI support (CPU instructions to accelerate encryption).
  4. Typical VPN use: Preferred in environments where speed is crucial (mobiles, routers).

AES-192 encryption

  1. Key length: 192 bits.
  2. Security: More secure than AES-128, although in practice AES-128 is already strong enough.
  3. Performance: Slightly slower than AES-128.
  4. Typical VPN use: Uncommon; mainly used in very strict security configurations.

AES-256 encryption

  1. Key length: 256 bits.
  2. Security: Maximum security level approved by the NSA for "Top Secret" classified data.
  3. Performance: Slightly slower than AES-128 due to more encryption rounds.
  4. Typical VPN use: Ideal for maximum security, widely used in commercial VPNs and government.

Types of VPNs that use AES

OpenVPN

Uses AES-128 or AES-256 in CBC (Cipher Block Chaining) or GCM (Galois/Counter Mode) mode. GCM is preferred because it includes authentication and is more efficient.


IKEv2/IPSec

Supports AES-128, AES-192 and AES-256, usually in GCM mode. Popular on mobile devices (iOS, Android) and corporate environments.


WireGuard

By default, it does not use AES, but ChaCha20 (more efficient on mobile).

However, it can operate with AES in some forks or hybrid implementations.


L2TP/IPSec

Almost always implemented with AES-128 or AES-256 for data encryption.


MOX VPN

Connections can be generated for L2TP and OpenVPN using AES-256 to maximize security, and for WireGuard using ChaCha20.