قالب وردپرس درنا توس
Home / Tips and Tricks / What is "military encryption"?

What is "military encryption"?



  Two men in military uniforms in a data center.
Gorodenkoff / Shutterstock.com

Many companies advertise with military standard encryption to protect their data. If it's good enough for the military, it must be the best ̵

1; right? Something like that. "Military encryption" is more of a marketing term that has no precise meaning.

Fundamentals of Encryption

Let's start with the basics. Encryption is essentially a way to capture and encrypt information so that it looks like gibberish. You can then decrypt this encrypted information – but only if you know how. The encryption and decryption method is called a "cipher" and is usually based on information called a "key".

For example, if you visit an HTTPS-encrypted Web site and sign in with a password, or specify a credit card number that sends encrypted private data over the Internet. Only your computer and the website you communicate with can understand this. This will prevent users from retrieving your password or credit card number. When you connect for the first time, your browser and website will handshake and exchange secrets used to encrypt and decrypt the data.

There are many different encryption algorithms. Some are safer and harder to crack than others.

RELATED: What is encryption and why are people afraid of it? Online banking, using a virtual private network (VPN), encrypting the files on your hard drive, or storing your passwords in a secure vault obviously require stronger encryption, which is harder to crack.

As secure as possible, many advertise on their websites and in advertisements for "military encryption".

It sounds strong and battle-tested, but the military does not actually define anything called "military encryption" a phrase that marketing people have come up with. By advertising for encryption as "military," companies merely say that "the military uses them for specific purposes."

What does "military encryption" mean?

  A hand pulling a document marked
Art Lucas / Shutterstock.com

Dashlane, a password manager who has promoted his "military encryption", explains in his blog what that term means , According to Dashlane, military encryption means AES-256 encryption. This is the Advanced Encryption Standard with a 256-bit key size.

As emphasized by Dashlane's blog, AES-256 "is the first publicly available and open encryption that has been approved by the National Security Agency (NSA) for protecting information in a" top category "secret" level ".

AES-256 differs from AES-128 and AES-192 in having a larger key size. That means slightly more processing power for encryption and decryption, but all this extra work should make AES-256 even harder to crack.

Bank level encryption is the same

"Bank level encryption" is another term commonly used in marketing. Basically it's the same: AES-256 or maybe AES-128, as most banks use it. In fact, some banks promote their "military encryption."

This encryption is widespread. It is often considered the best and safest option. Timothy Quinn writes that both "military-grade encryption" and "bank-standard encryption" should be simply referred to as "industry-standard encryption."

AES-256 is good, but AES-128 is good too

AES-256 has been widely adopted by many services and many software parts. You probably use this "military encryption" all the time. You just do not know, because most services do not even call it "military encryption."

Modern web browsers, for example, support AES-256 in communicating with secure HTTPS websites. We use "modern" here quite loosely – even Internet Explorer has AES-256 support with Internet Explorer 8 for Windows Vista. Of course, Chrome, Firefox and Safari also support that. You're probably connecting to all kinds of sites that use "military encryption" without knowing it.

BitLocker built-in Windows encryption uses AES-128 by default, but it can be configured to use AES-256. By default, it is not military, but AES-128 should still be very safe and resistant to attacks – and it could be military.

Password Manager 1Password has switched back from AES-128 to AES-256 back in 2013. 1Passwords Jeffrey Goldberg outlined the company's motivations at the time. He argued that AES-128 was basically just as safe, but many people felt safer with this size and number and this "military encryption".

Ultimately, whether you use AES-256, AES-128, or AES-128 AES-192, you have fairly secure encryption. A term may be "military" – mostly a fictitious term – but that does not mean much.

RELATED: How BitLocker uses 256-bit AES encryption instead of 128-bit encryption AES

Encryption as ammunition

  An Enigma machine in the British Bletchley Park.
Lenscap Photography / Shutterstock.com

Here's one last point of interest. If you're wondering why encryption got so involved with the military, you should know that it's less involved with the military than ever before.

Cryptography has long been an important part of warfare. In this way, a military can safely send messages without its enemies intercepting the news. Even if the enemy intercepts the message, he must decrypt it to be useful. The ancient Romans used ciphers under Julius Caesar two thousand years ago to disguise messages. In World War II, Nazi Germany used the Enigma machine to encrypt its messages. This was known to be cracked by Britan and his allies, who used the information extracted from these encrypted messages to win the war.

It should come as no surprise, then, that many governments have regulated cryptography, especially their export to other countries. Until 1992, cryptography was on the US munitions list as "military equipment". You could create and own encryption technologies in the US, but you can not export them to other countries. The Netscape web browser used to have two different versions: a US domestic version with 128-bit encryption and an "international" version with 40-bit maximum encryption.

The provisions were relaxed in the late 1990s, and there are no more harsh restrictions on exporting encryption technology from the US, provided you do not export it into a terrorist organization or a rogue state. Cryptography is no longer classified as "ammunition".


Encryption has long been associated with the military, so it is not surprising that the term "military encryption" actually appeals to people. This could be one of the reasons why marketing campaigns continue to use this.


Source link