When you are looking for the a perfect security solution for your company or personal data, you will be greeted by tons of information, and rightly so – you should know how our disks do what they do. So sit back, relax, and let us tackle an important piece of the puzzle: the wonderful world of AES 256-bit XTS encryption, word by word.
AES stands for “Advanced Encryption Standard”, which is admittedly kind of a dry name. Originally created in 2001 by the NIST using the much more interestingly named Rijndael cipher/algorithm (this moniker comes from its inventors, Belgian researchers Daemen and Rijmen) it has become a widely used and popular public encryption standard, by being extremely resilient against breach attempts. AES is used to encrypt top secret data at agencies, governments, banks, and other organisations around the world, and is regarded as one of the strongest encryption methods in existence.
So why a standard? Shouldn’t the process be a secret?
To put it bluntly, keeping the decoding process a secret is not what makes encrypted data secure. Generally, “security by obscurity” is regarded as a dangerous method, and way of thinking (NEVER , EVER assume you are safe just because nobody would be interested in your data!).
Instead of keeping the process secret, we keep a key, a piece of information, secret. This will usually be a string of characters or numbers, with some special properties (though other kinds of keys may be used as well). So if we know that something is encoded using AES, we know exactly how to use the key to retrieve the data in its original form.
To explain this one, we need to turn back the clock, all the way to the 1980s. At the time, netizens, if you can even call them that, sometimes used a cipher called ROT-13 (“rotate by 13 places”), and it was a way of scrambling offensive jokes on Usenet forums. As you’ve probably correctly guessed, this Golden Girls era cipher replaced a letter with a letter 13 places further down the alphabet. Well, while such an “encryption” method may be enough to hide some silly quips or a movie spoiler, it is vulnerable to methods that would simply try all possible character combinations and therefore completely unsuitable for serious tasks. Attacking by using all possible key combinations is also known as brute forcing, and is a commonly used method to force a decryption. Hence, one way to protect against someone trying many different keys is to simply create a very big key. This is where 256-bit encryption comes in, along with the beauty of mathematics: with each bit you add, you double the number of possible keys, meaning 256-bit encryption (2 to the power of, holy smokes, 256) gives you a hundred thousand billion billion billion billion billion billion billion billion possible key variations. The time and computing power required to try all of these keys would be staggering. It would take billions of years to break even a 128 bit key (not that you could even find the storage space to actually try all the possible combinations).
Now here’s where it gets a little bit complicated. You see, AES is a so-called “block cipher”. What this means is that it divides data into 128-bit blocks before scrambling it with the 256-bit key. Disks store data in a specific way, and disk sectors can be divided into blocks that would be the same size as blocks encrypted by a block cipher.
The scrambling process, by the way, consists of 14 different rounds of encryption to make your data truly unrecognizable. For anything larger than a 128-block, AES uses a block cipher mode. The AES spec has a few different modes, like the CBC (still used in some flash drives), and the much newer XTS. Again, AES is the standard, and XTS is the encryption mode. 2Cript mobile uses the XTS block cipher mode because it adresses many weaknesses of the older modes, such as CBC and ECB. Due to the way it works, AES-XTS is the most suitable mode for full disk encryption (works within the constraints of disk hardware), which makes it perfect for a 2Cript mobile drive.
Now you know how a 2Cript mobile drive works! Hopefully this has helped you understand the choices we made while designing our product, and why we believe a 2Cript mobile datavault is the best way to keep your data safe. For further reading, go check out this voltage.com article.