For business executives and marketers, as well as IT departments, the following paragraphs on the secrets of cryptography hold a useful lesson. First a quick recap on what this is all about. AES stands for Advanced Encryption Standard, used to keep your data confidential. The 128 and 256 numbers refer to the size of the ‘key’ that is used to encrypt your data and then to decrypt it so that you can use it again. In an intuitive marketing sense, 256 should be significantly better or ‘stronger’ than 128. This sounds good, but is it of any practical use? Or is it simply fulfilling a psychological need rather than a technical one?
‘New and improved’ is an ages-old marketing tactic. People love ‘new’ and the idea of ‘improved’ at the same price suggests they are getting a better bargain too, especially if it’s free in the first place. Add to this the ease of comparing numbers (bigger is better, right?) and it’s clear to see why marketers for computers, cars and many other products use numbers as product labels. Not only that, but AES 256 isn’t just ‘twice as good’ as AES 128, but in fact ‘much, much better’. Those numbers refer to exponential powers of 2, as in 2256, which is 2x2x2… multiplied together 256 times. This is a measure of the number of different combinations a hacker would have to try to break AES 256 encryption.
Now, 2256 is a huge number. Just try multiplying 2x2x2x2… and you’ll see how quickly it mounts up. But then 2128 (corresponding to AES 128 encryption) is pretty huge as well. Already trying to hack AES 128 encryption with today’s computing power would likely take billions of years. So what about our marketing discussion? For the most part, people move to AES 256 encryption because a) it’s in the IT products they buy anyway, b) AES 128 or 256 encryption no longer has any noticeable performance impact on today’s computing devices, c) government agencies recommend AES 256, d) they feel safer, or e) some combination of the above. So ‘new and improved (and free)’ wins again!