What Is AES Encryption? AES-128 vs AES-256 Explained

AES is a NIST-standardized symmetric block cipher used worldwide to protect sensitive data. This guide explains how AES works, compares key sizes, and outlines where it’s used in modern security protocols.

AES encryption secures modern data across TLS, Wi-Fi, VPNs, and storage systems.
Key Points
  • AES (Advanced Encryption Standard) is a symmetric block cipher adopted by NIST in 2001 to protect electronic data.
  • Three key sizes exist: AES-128 (10 rounds), AES-192 (12 rounds), and AES-256 (14 rounds).
  • AES is the encryption standard behind WPA2 and WPA3 Wi-Fi security, HTTPS, and VPNs.
  • AES encryption is widely considered secure against practical attacks when paired with strong key management.
  • RSA is asymmetric (uses public/private key pairs) while AES is symmetric (uses one shared key). Both algorithms are often used together.

The Advanced Encryption Standard (AES) is a symmetric key encryption method for securing data. Adopted by NIST in 2001, it operates as a block cipher: it encrypts data in fixed 128-bit blocks using a key of 128, 192, or 256 bits.

What Is AES Encryption?

The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the US National Institute of Standards and Technology (NIST) in 2001.

AES is a symmetric key cipher, meaning the same key is used to both encrypt and decrypt data. It replaced the older Data Encryption Standard (DES) and is now the global benchmark for symmetric encryption, used in everything from Wi-Fi protocols to government classified systems.

AES Key Sizes: AES-128, AES-192, and AES-256

AES supports three key lengths, each offering a different balance of speed and security:

  • AES-128: 128-bit key with 10 encryption rounds, prioritizing speed for low-risk applications.
  • AES-192: 192-bit key with 12 rounds, offering balanced security and performance.
  • AES-256: 256-bit key with 14 rounds, providing maximum protection for highly sensitive data.

Longer keys increase the number of combinations an attacker would need to test in a brute-force scenario, which is why AES-256 is the standard choice for classified government data and high-value financial systems. For most enterprise use cases, AES-128 and AES-256 are the most common. AES-192 is used less frequently in practice.

How Does AES Work?

The encryption process has four phases: key expansion, the round transformation itself (round key addition, byte substitution, row shifting, and column mixing), the repetition of that round a number of times that depends on the key length, and a final round that omits column mixing. Decryption then reverses these steps.

Key Expansion

Before encryption begins, AES expands the original key into a series of round keys using a process called the key schedule. Each round in the encryption process uses a different derived key, which strengthens resistance to cryptanalysis.

The Encryption Process

Each round (except the final one) applies four operations to the data block in sequence:

  1. SubBytes: Each byte in the block is replaced with a corresponding value from a fixed substitution table (the S-box), introducing non-linearity into the cipher.
  2. ShiftRows: The rows of the 4×4 byte matrix are shifted cyclically by different offsets, spreading data across columns.
  3. MixColumns: Each column of the matrix is multiplied by a fixed polynomial, further mixing the data.
  4. AddRoundKey: The block is combined with the round key derived during key expansion using an exclusive OR (XOR) operation.

Repeated Rounds

The encryption round is not applied just once: AES repeats it multiple times, with the exact number depending on the key length used.

A 128-bit key runs ten rounds, a 192-bit key runs 12, and a 256-bit key runs 14. Each round uses a different derived key from the key schedule, and the cumulative effect of these repeated transformations is what makes AES resistant to cryptanalysis.

The Final Round

The final round repeats SubBytes, ShiftRows, and AddRoundKey, but omits the MixColumns step. This is by design: omitting MixColumns in the last round makes decryption more efficient without reducing security.

AES Decryption

Decryption runs the same four operations in reverse order using the inverse of each transformation (InvSubBytes, InvShiftRows, InvMixColumns, AddRoundKey). Because AES is a symmetric cipher, the same key used for encryption performs decryption. The key must be kept secret and transmitted securely between parties.
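The steps described in this section, key expansion, SubBytes, ShiftRows, MixColumns, AddRoundKey, the round count per key size, the MixColumns-free final round and the inverse cipher, carried through in working code. This is an added study implementation in pure Python, not code from the original article or from any library; it follows the FIPS-197 cipher and checks itself against the FIPS-197 Appendix C test vectors. It assumes 16-byte blocks and keys of 16, 24 or 32 bytes, and it is far too slow for real use: production systems call a vetted, constant-time library implementation.

```python
# Added example (not from the original article): a from-scratch AES block cipher in
# pure Python that follows the FIPS-197 steps. For study only; not constant-time.
# Assumptions: 16-byte blocks as bytes/lists, keys of 16, 24 or 32 bytes.

def xtime(a):
    """Multiply by x (0x02) in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    if a & 0x100:
        a ^= 0x11b
    return a & 0xff

def gmul(a, b):
    """General multiplication in GF(2^8), used by MixColumns and its inverse."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = xtime(a)
        b >>= 1
    return r

def _sbox_entry(x):
    """S-box entry: multiplicative inverse (x^254; 0 -> 0) then the affine transform."""
    inv = 1
    for _ in range(254):
        inv = gmul(inv, x)
    r = inv
    for i in range(1, 5):                        # XOR in four left-rotations of inv
        r ^= ((inv << i) | (inv >> (8 - i))) & 0xff
    return r ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]
INV_SBOX = [0] * 256
for _i, _v in enumerate(SBOX):
    INV_SBOX[_v] = _i

def expand_key(key):
    """Key schedule: returns Nr+1 round keys of 16 bytes (Nr = 10, 12 or 14)."""
    nk = len(key) // 4
    nr = nk + 6
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (nr + 1)):
        t = list(w[i - 1])
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord then SubWord
            t[0] ^= rcon
            rcon = xtime(rcon)
        elif nk > 6 and i % nk == 4:            # extra SubWord only for AES-256
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(nr + 1)]

# The state is a flat list of 16 bytes in column-major order: state[4*c + r].
def shift_rows(s, inverse=False):
    """Row r is rotated by r positions (left when encrypting, right when decrypting)."""
    d = -1 if inverse else 1
    return [s[4 * ((c + d * r) % 4) + r] for c in range(4) for r in range(4)]

def mix_columns(s, inverse=False):
    """Each column is multiplied by the fixed polynomial {03}x^3+{01}x^2+{01}x+{02}."""
    coef = (14, 11, 13, 9) if inverse else (2, 3, 1, 1)
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        for r in range(4):
            out.append(gmul(a[r], coef[0]) ^ gmul(a[(r + 1) % 4], coef[1])
                       ^ gmul(a[(r + 2) % 4], coef[2]) ^ gmul(a[(r + 3) % 4], coef[3]))
    return out

def add_round_key(s, rk):
    return [a ^ b for a, b in zip(s, rk)]

def encrypt_block(key, block):
    rks = expand_key(key)
    s = add_round_key(list(block), rks[0])
    for rnd in range(1, len(rks)):
        s = [SBOX[b] for b in s]                  # SubBytes
        s = shift_rows(s)                         # ShiftRows
        if rnd != len(rks) - 1:                   # final round omits MixColumns
            s = mix_columns(s)
        s = add_round_key(s, rks[rnd])            # AddRoundKey
    return bytes(s)

def decrypt_block(key, block):
    rks = expand_key(key)
    s = add_round_key(list(block), rks[-1])
    for rnd in range(len(rks) - 2, -1, -1):
        s = shift_rows(s, inverse=True)           # InvShiftRows
        s = [INV_SBOX[b] for b in s]              # InvSubBytes
        s = add_round_key(s, rks[rnd])
        if rnd != 0:                              # no InvMixColumns before round key 0
            s = mix_columns(s, inverse=True)
    return bytes(s)

if __name__ == "__main__":
    key = bytes(range(16))                        # FIPS-197 Appendix C.1 vector
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    ct = encrypt_block(key, pt)
    print(ct.hex())                               # 69c4e0d86a7b0430d8cdb78070b4c55a
    assert decrypt_block(key, ct) == pt
```

Changing the key to `bytes(range(24))` or `bytes(range(32))` exercises the 12- and 14-round variants (FIPS-197 C.2 and C.3), and the only schedule difference is the extra SubWord step in AES-256 key expansion.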

Real-World Applications of AES

AES protects data across wireless networks (WPA2/WPA3), HTTPS connections, VPNs, cloud storage, financial transactions, password managers, messaging applications, and government and military systems.

AES in Wi-Fi Security

One of the most common deployments of AES is in Wi-Fi network encryption. The WPA2 and WPA3 protocols — the current standards for securing wireless networks — both use AES as their underlying cipher.

In WPA2, AES is implemented through the CCMP (Counter Mode CBC-MAC Protocol) encryption mode. WPA3 strengthens this further with the Simultaneous Authentication of Equals (SAE) handshake but still relies on AES for data encryption.

For organizations running enterprise Wi-Fi, AES-based encryption is only as strong as the authentication layer protecting it. Password-based Wi-Fi authentication leaves networks vulnerable to credential theft and over-the-air attacks. Certificate-based 802.1X authentication pairs AES encryption with a cryptographic identity for every device, eliminating the credential attack surface entirely.

SecureW2 Cloud RADIUS supports WPA2/WPA3 Enterprise networks with certificate-based authentication, giving IT teams a way to enforce AES-protected Wi-Fi access without relying on shared passwords.

What Are the Risks of AES Encryption?

While AES is widely considered the gold standard for symmetric encryption, it is not without risks. Understanding these threats helps organizations deploy AES correctly.

  • Brute-force attacks: An attacker who can test every possible key combination could, in theory, break AES. In practice, AES-128 has 2^128 possible keys — a number large enough to make brute force computationally infeasible with current hardware. AES-256 raises that to 2^256, which is considered secure against even quantum computing advances for the foreseeable future.
  • Side-channel attacks: Rather than attacking the algorithm directly, side-channel attacks exploit information leaked by the physical implementation — timing differences, power consumption, or electromagnetic emissions. Defending against these attacks is especially important in hardware implementations such as smart cards and embedded systems.
  • Key management failures: The most realistic attack vector against AES is not the cipher itself but the management of the keys. Keys stored insecurely, transmitted without protection, or reused across sessions create vulnerabilities that bypass the encryption entirely. Strong key management, trained staff, and advanced randomization techniques are important components of a sound AES deployment.
  • Weak modes of operation: AES in Electronic Codebook (ECB) mode encrypts identical plaintext blocks into identical ciphertext blocks, creating patterns that can be detected. Cipher Block Chaining (CBC) and Galois/Counter Mode (GCM) address this — GCM is the preferred mode for most modern applications because it also provides authenticated encryption.
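The "weak modes of operation" point above, shown concretely: the same record encrypted block by block in ECB and in a counter mode, plus the check a defender can run over a ciphertext to spot the ECB signature (duplicate 16-byte blocks). This is an added example, not code from the original article. To keep it runnable on the Python standard library alone, a SHA-256-based keyed function stands in for the AES block function; the mode logic (ECB: E_k(P_i), CTR: P_i XOR E_k(nonce || counter)) is exactly what it would be with AES, and the sample record, key and nonce are constructed for the demo.

```python
# Added example (not from the original article): ECB pattern leakage versus a counter
# mode, and a duplicate-block detector. A keyed SHA-256 PRF stands in for the AES block
# function so this runs without third-party libraries; the modes are unchanged.
import hashlib
from collections import Counter

BLOCK = 16

def block_fn(key, block):
    """Stand-in for the AES block cipher: a 16-byte keyed pseudo-random function."""
    return hashlib.sha256(key + block).digest()[:BLOCK]

def ecb_encrypt(key, data):
    """ECB: every block is encrypted independently, so equal plaintext blocks collide."""
    assert len(data) % BLOCK == 0, "caller must pad to the block size"
    return b"".join(block_fn(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))

def ctr_xor(key, nonce, data):
    """CTR: keystream = E_k(nonce || counter); XOR is its own inverse, so this decrypts too."""
    out = bytearray()
    for ctr, i in enumerate(range(0, len(data), BLOCK)):
        keystream = block_fn(key, nonce + ctr.to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], keystream))
    return bytes(out)

def repeated_block_ratio(ciphertext):
    """Fraction of 16-byte ciphertext blocks that duplicate another block.
    A sound mode gives ~0 on realistic data; a high value is the ECB signature."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    if not blocks:
        return 0.0
    dup = sum(n - 1 for n in Counter(blocks).values() if n > 1)
    return dup / len(blocks)

# Constructed sample record (96 bytes) with a long zero-filled field, the kind of
# structure ECB exposes. Constructed key; a real key comes from a CSPRNG.
SAMPLE = b"id=0042;balance=0;" + b"\x00" * 64 + b";status=ok;pad"
KEY = b"constructed-demo-key-not-secret!"

def demo():
    """Returns (ECB duplicate ratio, CTR duplicate ratio) for the sample record."""
    ecb = ecb_encrypt(KEY, SAMPLE)
    nonce = b"\x00" * 12            # constructed; never reuse a nonce under one key
    ctr = ctr_xor(KEY, nonce, SAMPLE)
    assert ctr_xor(KEY, nonce, ctr) == SAMPLE      # round trip
    return repeated_block_ratio(ecb), repeated_block_ratio(ctr)

if __name__ == "__main__":
    e, c = demo()
    print(f"ECB duplicate-block ratio: {e:.2f}, CTR: {c:.2f}")
```

Three of the six ECB blocks are identical (the all-zero blocks), so the detector reports a ratio of 1/3 for ECB and 0 for CTR. Note that CTR, like CBC, hides patterns but does not authenticate the ciphertext; that is why the article recommends GCM, which adds an integrity tag on top of counter-mode encryption.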

AES vs. RSA: What’s the Difference?

AES and RSA are both encryption standards in widespread use, but they solve different problems and are typically deployed together rather than as alternatives.

AES is symmetric encryption: one shared secret key encrypts and decrypts the data. This makes AES fast and efficient for bulk data encryption — it is the right tool for encrypting files, disk volumes, network traffic, and database records at scale. The challenge with symmetric encryption is that both parties must already share the key securely before communication begins.

RSA is asymmetric encryption: It uses a mathematically linked public/private key pair. Data encrypted with the public key can only be decrypted by the corresponding private key, and vice versa. RSA does not require a pre-shared secret, which makes it well-suited for establishing trust and exchanging keys between parties who have never communicated before. The tradeoff is that RSA is significantly slower than AES for bulk data.

In practice, most secure systems use both: RSA (or elliptic-curve cryptography) to establish a session and exchange an AES key, and AES to encrypt the actual data. TLS handshakes, HTTPS connections, and VPN tunnels all follow this pattern. The Dynamic PKI platform from SecureW2 automates the certificate lifecycle that makes RSA-based authentication practical at enterprise scale.

Secure Your Wi-Fi with AES-Protected 802.1X Authentication

AES encryption is the backbone of modern Wi-Fi security — but encryption alone is not enough. Without strong device authentication, an attacker can still gain access to an AES-encrypted network by obtaining or spoofing credentials.

SecureW2 provides a complete platform for deploying WPA2/WPA3 Enterprise Wi-Fi with certificate-based 802.1X authentication. Every device receives a unique certificate, eliminating shared passwords and ensuring that only trusted devices can connect — no matter where they are.

Schedule a demo to see how SecureW2 Cloud RADIUS and automated certificate management can strengthen AES-encrypted Wi-Fi across your organization.


Frequently Asked Questions

What is AES and what does it do?

AES (Advanced Encryption Standard) is a symmetric block cipher used to encrypt and decrypt electronic data. It takes readable plaintext and transforms it into unreadable ciphertext using a secret key, protecting data from unauthorized access. It is used in Wi-Fi networks, HTTPS, VPNs, cloud storage, and government communications.

What is AES in simple terms?

AES is a lock-and-key system for digital data. The “lock” is an algorithm that scrambles your data into an unreadable form. The “key” is a secret string of bits (128, 192, or 256 of them) that can unscramble it. Without the correct key, the scrambled data is computationally infeasible to read.

What does AES stand for?

AES stands for Advanced Encryption Standard. It is also known by its original algorithm name, Rijndael, after its Belgian creators, cryptographers Joan Daemen and Vincent Rijmen.

Is AES encryption good or bad?

AES is considered highly secure. No practical attack against AES-128 or AES-256 has been demonstrated against a properly implemented system. The most realistic vulnerabilities are in key management and implementation, not the algorithm itself. For the vast majority of use cases, AES is the correct and recommended choice for symmetric encryption.

What is the difference between AES and RSA encryption?

AES is symmetric — it uses one shared key to both encrypt and decrypt. RSA, in contrast, is asymmetric — it uses a public key to encrypt and a private key to decrypt. AES is faster and suited for bulk data; RSA is used to securely exchange keys and authenticate identities. Most secure systems use both: RSA to establish a session, AES to encrypt the data.

What is AES used for?

AES is used to protect data in a wide range of applications: Wi-Fi networks (WPA2/WPA3), HTTPS web traffic, VPN tunnels, encrypted disk volumes, cloud storage, financial transactions, password managers, messaging applications, and classified government and military communications.