 When you password-protect a disk or a file with encryption software, you are often have a choice of the size of the encryption key, which could be 128- or 256-bit, or even longer. Which size should you choose?
The naïve answer seems to be "the longer the better": the 256-bit encryption’s got to be much stronger than 128-bit, why not use it? The reality is, however, that for all practical purposes the 128-bit encryption is just as strong as the 256-bit, while it requires less computational resources and is performed faster. How can it be, you might be wondering? Let me try an example. Consider two stars: Sirius and Alpha Centauri. The former is 8.6 light years from Earth, while the distance to the latter is only 4.4 light years. Which one is easier for us to fly to? The correct answer is: they are both unreachable. The humankind does not have the technology (and it does not look like it will have it any time soon) to reach either of them. The same is true about the strong encryption: no technology exists now that would break either 128-bit or 256-bit encryption. Consider some facts about strong encryption: It would take about 15 years for the Hoover Dam to produce enough energy to just flip all of the 128 bits of the encryption key, even without verifying each combination for the correctness. It would take longer than the age of the Universe to try all possible 128-bit keys for the fastest of the existing computers. In other words, if someone wants to get to your encrypted USB drive, they are not going to try to discover your encryption key by applying each possible combination until they come across the actual key. For such a method both 128-bit and 256-bit key are equally strong. Instead of the brute-force, the adversaries have many other methods at their disposal: they could install a keylogger on your computer that would intercept the keys when you are entering your encryption password. They could install a hidden video device and record your keyboard as you are entering your password. They could monitor the electromagnetic signals your keyboard emits and discover your password from the distance. Or, they could kidnap and torture you until you tell them the password. All such methods are much easier and cheaper for the adversaries to use than the brute-force attack. Why do some companies advertise encryption software with much longer encryption keys, such as 448-, 512-, and even 2048-bits, you might ask? Well, it’s just marketing. Don’t fall for that! There are many more important factors to consider besides the sheer number of bits you could have in the encryption key. For example: does the software use the industry-standard encryption algorithms such as AES and XTS? Or is the company promoting a home-grown proprietary algorithm as the latest best encryption available? Does the software allow you to create an emergency recovery key, in case you forget your password? Does the software support the operating systems you have on your computers? Is the software available for free trial before the purchase? And so on. The maximum size of the encryption key should be the last thing on your list. Happy encrypting! | 
Frequently Asked Questions 
