How does the encryption algorithm Rijndael (also called AES) work?

It can be dangerous to try and transport highly confidential information to a secure place without unauthorized persons having access to it. For centuries people have always tried to create cryptographic languages that couldn't be decoded easily. From the ancient Rome to the Second World War and until today, heads of state and other powerful persons sent orders and important information encoded to mislead enemies or to keep information safe from unauthorized persons.

Unfortunately most of the time these encryption methods could be decoded easily. For example, cryptographic languages created by moving letters (e.g. today is a nice day = tod ayi sani ced ay) could be decoded easily. The problem with all, even the most elaborate cryptographic languages, is that, once the cipher has been found out, every text can be ’translated’. At the latest with the use of computers it became impossible to keep a cipher based on moving letters secret.

Nowadays other encryption methods are required to hide confidential information. These methods also use some sort of key which is only known to the sender and the recipient. So-called encryption algorithms are used for encrypting and decrypting. An encryption algorithm is a mathematical procedure which indicates how the data is converted.

Password Depot uses the Rijndael (also called AES, Advanced Encryption Standard) algorithm to encrypt your confidential information.

Following we will explain this security algorithm and how it works.

Rijndael

The U.S. National Bureau of Standards created a complicated encryption standard called DES (Data Encryption Standard) which offered unlimited ways to encrypt data. This encryption standard was replaced by Rijndael encryption. The name Rijndael is composed of the names John Daemon and Vincent Rijmen, two Belgian cryptology experts and authors of this method. Rijndael uses a key for encryption that has a size of 128, 192 or 256 bits, which provides high protection against brute force attacks. In additon, this encryption method also works three times faster in software than DES. This method can be used for securely exchanging keys as well as transferring data with a size of 128 or 256 bits.

AES-256 is certified in the USA for government documents that are marked as top secret.

This is how the encryption algorithm Rijndael works

The Rijndael encryption method is based on replacing, changing and performing xor operations on bytes.

The method looks like this:

  • From the 128-bit key, Rijndael generates 10 keys of 128 bits each.
  • These keys are placed into 4x4 arrays.
  • The plain text is also divided into 4x4 arrays (128 bits each).
  • Each of the 128-bit plain-text items is processed in 10 rounds (10 rounds for 128-bit-keys, 12 for 192, 14 for 256).
  • After the 10th round the code is generated.
  • Each single byte is substituted in an S box and replaced by the reciprocal on GF (2 8).
  • Then a bit-wise modulo-2 matrix is applied, followed by an XOR operation with 63.
  • The lines of the matrices are sorted cyclically.
  • The columns of the matrix multiplication are interchanged on GF (2 8).
  • The subkeys of each round are subjected to an XOR operation.

The security level of this encryption method increases if Rijndael is performed several times with different subkeys.

The official specifications can be found on the following page: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

Brute Force Attack

Brute Force Attacks are very dangerous, as all possible keys are used to attack an encryption method. The attacker can spread a virus over the Internet that tries out keys in the background undetected and exchanges its results through a server. With this kind of attacks it is nowadays possible to crack DES within a short amount of time. Modern methods like BlowFish and Rijndael are protected against Brute Force Attacks, as their key sizes can be higher than 128 bit.

Furthermore, Password Depot's delay function makes Brute Force Attacks more difficult. This function automatically locks the program for a few seconds after a wrong password was entered.

And one thing is certain: As the key size for Rijndael can be varied randomly, these modern security algorithms are considered to remain uncrackable for a very long time!

More about Brute Force Attacks.