AES128 vs AES256 using bruteforce

George · Sep 17, 2013 · Viewed 28.4k times

I came across this:

Key combinations versus Key size

I don't understand how AES128 is stronger than AES256 in a brute force attack, or how AES256 allows for more combinations than AES128.

These are my simplified premises - assuming I have 100 unique characters on my keyboard, and my ideal password length is 10 characters - there would be 100^10 (or 1x10^20) combinations for a brute force attack to decrypt a given cipher text.

In that case, whether or not AES128 or AES256 is applied doesn't make a difference - please correct me.

Answer

DarkWanderer · Sep 17, 2013

Yes, you are correct (in that a weak password will negate the difference between AES128 and AES256 and make bruteforcing as complex as the password is). But this applies only to the case when the password is the only source for key generation.

In normal use, AES keys are generated by a "truly" random source and never by a simple pseudorandom generator (like C++ rand()).

AES256 is "more secure" than AES128 because it has a 256-bit key - that means 2^256 possible keys to bruteforce, as opposed to 2^128 (AES128). The numbers of possible keys are shown in your table as "combinations".

Personally, I use KeePass and passwords of 20 symbols and above. Using a 20-symbol password composed of small+capital letters (26+26), digits (10) and special symbols (around 20) gives (26+26+10+20)^20 = 1.89*10^38 possible combinations - comparable to an AES128 key.
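The following is an added worked example, not code from the question or the answer above. It puts numbers on both points made in the thread: the size of a password space versus the size of an AES key space, and the fact that a key derived only from a password is no harder to brute-force than the password itself, no matter whether the derived key is 16 or 32 bytes long. PBKDF2-HMAC-SHA256 is used here as a stand-in for whatever KDF a given tool applies (an assumption; the thread does not name one), and the 2-character password, alphabet, salt and iteration count are constructed so the search finishes in a second or two.

```python
import hashlib
import itertools
import math
import secrets
import string


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in a password of `length` symbols chosen uniformly
    from an alphabet of `alphabet_size` symbols: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def effective_key_bits(password_bits: float, aes_key_bits: int) -> float:
    """An AES key derived solely from a password can be attacked by guessing
    either the key or the password; the attacker takes the smaller space."""
    return min(password_bits, aes_key_bits)


def derive_key(password: str, salt: bytes, key_len: int, iterations: int = 200) -> bytes:
    # PBKDF2-HMAC-SHA256 is an assumed stand-in KDF. The output length
    # (16 bytes for AES-128, 32 for AES-256) stretches the password but
    # adds no entropy: the number of distinct keys equals the number of
    # distinct passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=key_len)


def brute_force_password(target_key: bytes, salt: bytes, key_len: int,
                         alphabet: str, length: int, iterations: int = 200):
    """Enumerate every password in the space and stop when the derived key
    matches. Returns (password, number_of_guesses)."""
    guesses = 0
    for combo in itertools.product(alphabet, repeat=length):
        guesses += 1
        candidate = "".join(combo)
        if derive_key(candidate, salt, key_len, iterations) == target_key:
            return candidate, guesses
    return None, guesses


def demo() -> dict:
    # Constructed sample input: a 36-symbol alphabet, a 2-symbol password,
    # a fixed salt. 36**2 = 1296 candidates, so the search is fast.
    alphabet = string.digits + string.ascii_lowercase
    password = "7q"
    salt = b"constructed-salt"
    results = {}

    for key_bits in (128, 256):
        key_len = key_bits // 8
        target = derive_key(password, salt, key_len)
        recovered, guesses = brute_force_password(target, salt, key_len, alphabet, len(password))
        results[f"recovered_{key_bits}"] = recovered
        results[f"guesses_{key_bits}"] = guesses

    # A randomly generated key, as used in normal AES operation, offers the
    # full 2**bits space: nothing to enumerate through a cheaper password space.
    random_key = secrets.token_bytes(32)
    results["random_key_bits"] = len(random_key) * 8

    # The numbers from the thread: 100^10 and 82^20, each against both key sizes.
    results["bits_100_10"] = keyspace_bits(100, 10)
    results["bits_82_20"] = keyspace_bits(82, 20)
    results["eff_100_10_vs_128"] = effective_key_bits(results["bits_100_10"], 128)
    results["eff_100_10_vs_256"] = effective_key_bits(results["bits_100_10"], 256)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two brute-force runs recover the same password after exactly the same number of guesses, which is the concrete form of the answer's point: the attacker never touches the 2^128 or 2^256 key space when a weaker password space sits in front of it. The entropy figures also line up with the thread's arithmetic: 100^10 is about 66.4 bits, well short of either key size, while 82^20 is about 127.2 bits, essentially an AES-128 key's worth.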