Ever wondered what keeps everything from your Amazon purchases to your online banking protected from prying eyes?
Encryption is the practice of obscuring digital and analog information behind increasingly complex algorithms using a secret key. This operation and the decryption process are fast and efficient, but only with knowledge of the secret key. Trying to decrypt the information without the key is incredibly difficult, even with specialized hardware or supercomputers. Advanced Encryption Standard-256 (AES-256) is one of the strongest and most widely used encryption techniques to secure your information as it travels around the web and back.
But what is AES-256, and how did it become the predominant encryption method in our online lives?
What Is AES-256 Encryption?
In brief, AES-256 is a symmetric block cipher that protects your data by scrambling it into unreadable code.
Codified by the U.S. National Institute of Standards and Technology (NIST) in 2001, AES comes in three key sizes: 128, 192, and 256 bits. Each version uses the same 128-bit block size but differs in how many transformation rounds are applied during encryption. A "round" is a sequence of four transformations: SubBytes (substitution), ShiftRows (permutation), MixColumns (mixing), and AddRoundKey (applying the key schedule).
Each round makes the ciphertext more jumbled and less recognizable, so by the time you've gone through 14 rounds, flipping even a single bit of the plaintext produces ciphertext that looks like completely unrelated data.
AES-256 was released in 2001 after winning out over 15 other encryption standards in a global NIST competition. Its uses include encrypting web traffic, data stored on hard drives and mobile devices, VPN connections, and banking, government, and defense communications.
| AES Variant | Key Length | Rounds | Example time to break without key |
| --- | --- | --- | --- |
| AES-128 | 128 bits | 10 | ~1 billion billion years |
| AES-192 | 192 bits | 12 | Tens of quintillions times longer than AES-128 |
| AES-256 | 256 bits | 14 | Tens of quintillions times longer than AES-192 |
How Does AES-256 Protect Your Information Every Day?
Let's start with an easy example: Online banking.
TLS Leads the Way
When you open up your online bank from a web-connected device, a process known as a TLS (Transport Layer Security) "handshake" occurs between the bank's servers and your device.
The device and the server have a sort of conversation with one another, going through a series of checks that allow them to establish keys for secure communication (for example, using AES-256).
Your device first sends through details about supported standards and encryption algorithms (like AES-256). The server responds with a compatible standard and encryption parameters and identifies itself with a certificate. Certificates are a way to prove the identity of a server (like a digital passport for a website). They are issued by a trusted third party (a certificate authority) and can be validated by your device. Once your device and the server have established authenticity, they can complete the TLS handshake to establish a secure key (known as the session key).
AES-256 Takes the Reins
Once that handshake is complete and both sides hold the necessary secure keys, the connection switches over to applying encryption, such as AES-256.
After the AES-256 encryption is applied, all information contained within can only be decrypted using the key, keeping it confidential. AES-256 encrypts data with such a complex math problem that it would take the world's most powerful supercomputer at the time of writing, El Capitan, trillions of years to calculate every possible permutation to find the right key and decrypt the data.
Solving for the key in this encrypted connection is like figuring out a maze. Most computers of today can only try one path in the maze at a time. After the CPU or GPU realizes it's not the right solution, it has to try again.
But what if a new type of chip, one that seemingly defies physics, could accelerate this process?
Quantum Comes Into Play
Though once heralded as the potential end for encryption as we know it, leading to an information dark age that would make the Y2K Bug look like a blip, quantum computing still has a long way to go before AES-256 encryption has anything to worry about.
Quantum computers don't need to calculate in binary ones and zeros. Instead, by relying on a whole different host of underlying mechanics that make up the structure of the universe itself, quantum computers can calculate zero and one simultaneously. They achieve these calculations using "qubits"; the more qubits a quantum computer has, the more powerful it is. In the early days of quantum processing, this change in the nature of computing led some researchers to question how effective an operational, error-free quantum system would be at breaking AES-256 encryption.
Nearly every major public and private institution today relies on some level of AES encryption to protect their communications. But if quantum computers could break AES, would they break the security of our online world as we know it?
Not yet.
First, current quantum computers are still too unstable and error-prone to reliably crack even some of the least secure encryption methods out there, such as RSA with toy key sizes. Though China recently reported a local research team had cracked 24-bit RSA encryption using a quantum computer, a 24-bit RSA key is so weak that a standard laptop in 2025 could do the same in seconds. For comparison, most modern implementations of RSA use keys that are either 2,048 or 4,096 bits long.
Next, there's the issue of AES-256's sheer size. The number of possible AES-256 keys exceeds the number of atoms in the observable universe. As fast as quantum computers may be today compared to classical computers when it comes to certain calculations, they're still decades, or potentially even more, away from computing at those scales.
However, one attack, known as "Harvest Now, Decrypt Later" (HNDL), still concerns some cryptologists.
A Chink in the Armor
While AES-256 is presently uncrackable, a concern expressed by some nation states is the practice of Harvest Now, Decrypt Later tactics. The initial algorithms used in the TLS handshake to determine the session key for AES-256 encryption are the weakest link in the chain. While breaking them is currently infeasible, it may become possible in the future with quantum computers. If those algorithms are broken, the stronger AES-256 security can be bypassed because the attacker learns the session key.
Some security experts have proposed that bad actors could simply store encrypted communications and then decrypt the data later once quantum computers are up to the task. Although they wouldn't be able to crack the contents of those communications until some unknown date in the future, they could still take the safe out of the bank to crack later, for lack of a better metaphor.
Will A VPN Encrypt All Your Communications With AES-256?
In short, yes, but it depends on the VPN provider you choose, the security protocol you want to use, and what features the VPN offers.
What Does Your VPN Know About You?
VPNs create a tunnel between you and the VPN provider over which data coming to and from your device can travel. For example, unlike online banking apps or websites, which create an encrypted connection only while you're connected to their servers, connecting your device to a VPN server means all communications can be sent to the VPN server encrypted. Once it reaches the VPN server, the VPN encryption is removed, and only the HTTPS-encrypted traffic remains. This ensures your ISP cannot inspect your traffic, as it only sees encrypted packets to the VPN.
However, not all VPNs are created equal in terms of security and encryption protocols. Many VPN providers have switched their clients over to a popular tunneling protocol known as WireGuard due to the simplicity of adoption and connection speeds. However, WireGuard relies on a newer encryption standard, ChaCha20. ChaCha20 is considered as safe as AES-256, but it hasn't been in use for as long.

VPNs often offer protocols to select from, too. Some may only support WireGuard or their own proprietary build that operates on top of WireGuard's architecture, like NordVPN's NordLynx protocol, while others may use OpenVPN or IPsec. Both OpenVPN and IPsec rely on AES-256 to encrypt all communications coming from or going to your device.
Some VPNs are also moving into the world of post-quantum cryptography, like ExpressVPN and its Lightway Protocol. This aims to ensure your communications are safe from current and potential future threats from powerful quantum computers.
Overall, AES-256 is just one of many different types of encryption and personal information protection techniques that make our online world possible. Without them, hackers would be free to easily intercept our online banking details, listen in on our conversations, and mine for government secrets.
Conclusion
Your day-to-day communications and data storage are protected by AES-256 or other encryption algorithms, most often by your web browser or operating system. Whether it's Windows, iOS, Android, or anything else that runs a piece of hardware, connecting on those platforms using popular browsers like Chrome, Firefox, or Safari, as well as connecting through verified apps, is enough to protect your communications.
However, there are still many instances where encryption alone doesn't guarantee absolute security. A few examples: your device is compromised by malware, you connect through an unverified or malicious app, or you fall victim to phishing. AES-256 can't protect the data you willingly hand over. Similarly, weak passwords, poor key management, or outdated software can undermine the strength of even the most advanced encryption. In short, AES-256 is a powerful lock, but it's only as effective as the keys you use and the habits you practice with them.
