I'm fairly sure your question refers to potential limitations in the Advanced Encryption Standard (AES), adopted by the U.S. government for protecting government classified information. However, just in case you're asking about limitations in the process used to choose this block cipher I shall cover this first.
Back in 1997, the National Institute of Standards and Technology (NIST) announced that it needed a successor to the aging Data Encryption Standard (DES), which was becoming vulnerable to brute-force attacks. This new, unclassified, publicly disclosed encryption algorithm would be known as the Advanced Encryption Standard – AES – and, according to the NIST specification, had to be "capable of protecting sensitive government information well into the next century."
After a period of enthusiastic feedback, debate and analysis, the Rijndael design was selected from 15 competing designs as the proposed AES in October 2000. The selection process for the algorithm was open and transparent, which has helped to create great confidence in its security. In fact, the process for choosing the new algorithm drew nothing but praise from the cryptographic community and it's the first publicly accessible and open cipher approved by the National Security Agency (NSA) for top secret information.
AES comprises three block ciphers, AES-128, AES-192 and AES-256, with both software and hardware implementations being considered fast. AES ciphers each have a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. There are 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys -- a round consists of several processing steps that convert the input plaintext into the final output of ciphertext. All key lengths are deemed sufficient to protect classified information up to the SECRET level with TOP SECRET information requiring either 192 or 256-bit key lengths.
However, what constitutes strong encryption changes over time. Although no one has successfully cracked the full AES, various researchers have published attacks against reduced round versions of AES. Although these attacks are not deemed practical in the wild as they require laboratory-type conditions, it does show that the safety margin of AES is shrinking as times goes by. So at some point in the not-too-distant future, I would expect NIST to increase the number of rounds of all three AES variants.
For now the only successful published attacks against the full AES have been side-channel attacks on specific implementations. Side-channel attacks don't attack the actual AES cipher, rather its implementation. For example, in 2005 a cache-timing attack broke a custom server using OpenSSL's AES encryption. Encryption algorithms are usually not the weak point in an encryption product or service, but implementation or key management errors can be. This is why the implementation of AES in products intended to protect national security systems and information has to be reviewed and certified by the NSA prior to their use; a solid encryption mechanism used improperly can often lead to a compromise.
For more information:
- What are the export limitations for AES encryption? Read more.
- Learn how to prevent operating system cloning with AES.
Dig Deeper on Disk and file encryption tools
Related Q&A from Michael Cobb
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently... Continue Reading
Spyware can steal mundane information, track a user's every move and everything in between. Read up on the types of spyware and how to best fix ... Continue Reading
Explore the differences between symmetric vs. asymmetric encryption algorithms, including common uses and examples of both, as well as their pros and... Continue Reading