The term “military-grade encryption” is powerfully evocative, conjuring up images of impenetrable bunkers or isolated, hardened networks within secure government facilities. It’s a term regularly used by apps, VPNs, and cloud services in their marketing materials for precisely this reason: evoking the specter of the military also conjures up connotations of top-secret security and rigorously tested protocols.
The reality is that the term is almost always a buzzword for AES-256, an encryption algorithm that the U.S. government uses to protect top-secret classified information. As in other marketing contexts, such as “military-grade durability” or “passing US MIL-STD-810 testing”, this does not imply that a product has been certified by the US military or uses technology that is normally proprietary to the Department of Defense or the armed forces. Instead, it simply means that a product uses a common, albeit very secure, encryption standard. It is important to note, however, that the strength of encryption relies on the entire system, not just the algorithm. This is one reason why we recommend separately encrypting your own files before uploading them to the cloud.
Define AES-256
AES-256 refers to the Advanced Encryption Standard (a subset of Rijndael, an algorithm developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen) used with a 256-bit key. AES-256 was introduced by the United States National Institute of Standards and Technology (NIST) in 2001 and remains the federal standard for encryption of top secret data in the United States. It is widely used in common applications like Zoom, but because it is so difficult to break, it has also been used in ransomware attacks like those carried out by TeslaCrypt as early as 2015.
AES-256 works like any other encryption standard by translating information into unreadable ciphertext that cannot be decoded without the appropriate 256-bit key. It starts by breaking the data into blocks, then extensively scrambles each block: bytes are swapped for otherwise meaningless bytes of data, rows and columns of data are shifted and shuffled, and a final output is generated. Without the corresponding key, that output has no meaning. However, any person or entity with access to this key will be able to fully decrypt and access this data.
AES-256 is incredibly secure and has never been hacked. Even quantum computers, which threaten the security of a number of commonly used security keys, are unlikely to be able to decrypt AES-256. That said, it is important to note that saying that software uses “military-grade encryption” does not imply any testing, certification, or approval by the U.S. military, nor that it has in any way gained access to an algorithm normally available only to military applications.
