AES, or the Advanced Encryption Standard, is the most widely used encryption algorithm in the world. It protects everything from your Wi-Fi connection and online banking sessions to the files on your laptop’s hard drive. Approved by the U.S. National Institute of Standards and Technology (NIST) in December 2001, AES replaced the aging Data Encryption Standard (DES), whose key was first cracked by brute force in 1997. Today, AES is built into virtually every layer of digital security you interact with daily.
How AES Became the Global Standard
By the late 1990s, it was clear that DES could no longer protect sensitive data. Any organization with enough computing resources could try every possible key until it found the right one. NIST launched a five-year open competition to find a replacement, inviting cryptographers worldwide to submit algorithms. The winner was Rijndael, created by Belgian researchers Joan Daemen and Vincent Rijmen (the algorithm’s name is a blend of their surnames). NIST published it as Federal Information Processing Standard 197, making it the required encryption method for U.S. government data and, in practice, the default choice for commercial security worldwide.
AES comes in three key sizes: 128-bit, 192-bit, and 256-bit. A larger key means more possible combinations an attacker would need to try. Even AES-128 offers a number of possible keys so astronomically large that no computer on Earth can test them all in a human lifetime. AES-256 is reserved for the most sensitive applications, including classified government communications.
Securing Web Traffic and VPNs
Every time you see a padlock icon in your browser, AES is almost certainly working behind the scenes. The TLS protocol that encrypts web traffic between your device and a server relies heavily on AES. The latest version, TLS 1.3, supports AES-128 and AES-256 in a mode called GCM, which both encrypts data and verifies it hasn’t been tampered with during transit. This covers online shopping, email, banking portals, and any other HTTPS connection.
VPN services use the same principle. When you connect to a VPN, your device and the VPN server establish an encrypted tunnel, and AES-256 is the most common cipher chosen for that tunnel. It keeps your internet traffic unreadable to anyone monitoring the network between you and the server, whether that’s a coffee shop’s Wi-Fi operator or an internet service provider.
Protecting Files on Your Devices
AES also encrypts data at rest, meaning files stored on a disk rather than traveling across a network. Apple’s FileVault, the built-in encryption tool for macOS, uses AES with 128-bit keys to encrypt your entire hard drive. Microsoft’s BitLocker offers similar full-disk encryption on Windows, also relying on AES. If your laptop is lost or stolen, an attacker who removes the hard drive still can’t read your files without the encryption key.
Cloud storage providers apply the same approach on their servers. When you upload files to services like Google Drive, iCloud, or Microsoft OneDrive, those files are typically encrypted with AES before being written to disk. Recovery keys for tools like FileVault can also be stored in the cloud, themselves encrypted with AES both in transit and at rest.
Banking and Financial Transactions
The financial industry is one of the heaviest users of AES. When you withdraw cash from an ATM, the communication between the machine and the bank’s servers is encrypted. Online banking platforms use AES to protect transactional data, encrypting fields like account numbers and transaction amounts so they’re stored as unreadable ciphertext in the bank’s database. Comparative testing of encryption algorithms on large banking datasets has consistently shown AES to be the recommended choice for financial institutions, outperforming alternatives in both speed and throughput when processing high volumes of transactions.
Wi-Fi Security
Your home Wi-Fi network uses AES, too. WPA2, the security protocol that has protected most wireless networks since the mid-2000s, relies on AES with 128-bit keys. The newer WPA3 standard steps things up significantly, using a 256-bit version of AES in a mode called GCMP. This stronger encryption requires more computing power from your router but provides substantially better data protection, especially against offline attacks where someone captures your Wi-Fi traffic and tries to decrypt it later.
Built Into Your Processor
AES is so fundamental that chipmakers have built dedicated circuitry for it directly into modern processors. Intel introduced a set of instructions called AES-NI specifically to accelerate encryption and decryption. On an Intel Core i5 processor, these hardware instructions can encrypt data at roughly 920 megabytes per second, up to 13.5 times faster than running AES in software alone, while consuming about 90% less energy. ARM processors used in smartphones and tablets have equivalent instructions, reaching around 355 megabytes per second with a tenfold speed improvement over software-only implementations.
This hardware acceleration is why encryption feels invisible to you. Your device constantly encrypts and decrypts data for web browsing, file storage, and messaging, yet you never notice a slowdown. Without these dedicated instructions, the computational cost of encrypting everything would be noticeable, especially on battery-powered devices.
Messaging and Everyday Apps
End-to-end encrypted messaging apps like Signal, WhatsApp, and iMessage all incorporate AES as part of their encryption protocols. When you send a message, it’s encrypted on your device before it ever reaches the app’s servers. Only the recipient’s device holds the key to decrypt it. AES handles the bulk encryption of the actual message content, working alongside other cryptographic tools that manage key exchange between devices.
Password managers, encrypted email services, and file-sharing tools follow the same pattern. The common thread is that AES does the heavy lifting of transforming readable data into ciphertext, regardless of whether that data is a text message, a spreadsheet, or a video call.
Resilience Against Quantum Computing
One reason AES remains the standard more than two decades after its adoption is its expected resilience against quantum computers. Many widely used encryption methods for key exchange are vulnerable to quantum algorithms, but AES holds up differently. The best-known quantum attack against AES uses Grover’s algorithm, which effectively cuts the security level in half. That means AES-256 would offer roughly 128 bits of security against a quantum computer, still far beyond what any machine could brute-force. This is why security experts generally consider AES-256 a safe long-term choice, even as quantum computing matures.