2²⁵⁶ possible keys. At a trillion guesses per second, that's longer than the age of the universe. Here's the full picture.
When security software claims 'military-grade AES-256 encryption,' most people nod and move on. But what does that actually mean? Is it marketing, or is there real math behind the claim? Spoiler: the math is genuinely impressive.
AES (Advanced Encryption Standard) is a symmetric block cipher standardized by NIST in 2001 after a global competition. It replaced DES, which had become dangerously weak. AES operates on 128-bit blocks of data using keys of 128, 192, or 256 bits. NeuroKey uses the 256-bit variant.
A 256-bit key means there are 2²⁵⁶ possible keys — approximately 1.15 × 10⁷⁷. To put that in context:
Key Insight
No known attack on AES-256 is faster than brute force. The best theoretical attack (biclique) requires 2²⁵⁴·⁴ operations — a trivial improvement that remains completely infeasible in practice.
AES is a substitution-permutation network. Each encryption round applies four transformations: SubBytes (non-linear substitution via an S-box), ShiftRows (byte transposition), MixColumns (linear transformation mixing column bytes), and AddRoundKey (XOR with the round key). AES-256 runs 14 such rounds.
import * as Crypto from 'expo-crypto';
import { AES } from 'react-native-aes-crypto'; // Native implementation
// Generate a random 96-bit (12 byte) IV
const iv = await Crypto.getRandomBytesAsync(12);
// Encrypt using Native modules (avoiding JS thread bottlenecks)
const ciphertext = await AES.encrypt(
  plaintext,
  key,
  iv,
  'aes-256'
);
// Ciphertext includes the 128-bit authentication tag

AES-256 is unbreakable. But human-chosen passwords aren't. If you use 'Password123' as your key, an attacker can brute-force it much faster than the AES key space. This is why NeuroKey heavily prioritizes hardware-backed biometrics from the Secure Enclave, and protects your fallback master password with intense PBKDF2 hashing (5,000+ iterations) to severely penalize brute-force attempts.
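The password-to-key step described above, as an added example that is not NeuroKey's code: it uses Node.js's built-in crypto module instead of the React Native libraries in the snippet, derives a 256-bit key with PBKDF2-HMAC-SHA256, and encrypts with AES-256-GCM using a 96-bit IV and a 128-bit tag. The salt size, blob layout, SHA-256 choice and all function names are assumptions of this example.

```javascript
// Added example, not NeuroKey's code. Uses only Node.js built-in crypto.
const { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const ITERATIONS = 5000; // the page's stated floor ("5,000+"); every guess pays this cost
const SALT_LEN = 16;     // assumption: 128-bit random salt per blob
const KEY_LEN = 32;      // 256-bit AES key
const IV_LEN = 12;       // 96-bit IV, as in the page's snippet
const TAG_LEN = 16;      // 128-bit authentication tag

// Stretch a human-chosen password into a 256-bit key.
function deriveKey(password, salt, iterations = ITERATIONS) {
  return pbkdf2Sync(password, salt, iterations, KEY_LEN, 'sha256');
}

// Blob layout (assumption of this example): salt || iv || tag || ciphertext
function encrypt(password, plaintext) {
  const salt = randomBytes(SALT_LEN);
  const iv = randomBytes(IV_LEN); // must never repeat under the same key
  const key = deriveKey(password, salt);
  const cipher = createCipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

function decrypt(password, blob) {
  const header = SALT_LEN + IV_LEN + TAG_LEN;
  if (blob.length < header) throw new Error('blob too short');
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = blob.subarray(SALT_LEN + IV_LEN, header);
  const key = deriveKey(password, salt);
  const decipher = createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  // final() throws if the tag does not verify: wrong password or modified data.
  const plain = Buffer.concat([decipher.update(blob.subarray(header)), decipher.final()]);
  return plain.toString('utf8');
}

// True when decryption is refused, false when it succeeds.
function isRejected(password, blob) {
  try {
    decrypt(password, blob);
    return false;
  } catch (err) {
    return true;
  }
}
```

The cipher never sees the password, only the PBKDF2 output, so the cost of guessing passwords is set entirely by `ITERATIONS` and the password's own entropy.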
Takeaway
AES-256 is not 'strong encryption' in the marketing sense — it is a mathematically proven cipher with no known practical attack. The only vulnerability is in how the key is generated and stored, which is why key derivation and storage (not the cipher) is where password manager security actually varies.
Ayoub Edahlouli
Security Engineer · NeuroKey