Advanced Encryption Standard

Secret Server uses different types of encryption to ensure data security. Every text-entry field, except name (by default), on a Secret is encrypted by the Application to ensure it is protected in transit and at rest with Advanced Encrypted Standard (AES) 256-bit algorithm. SQL Database Encryption is also supported and can be further enabled for an additional level of protection if required by policy.

The AES encryption algorithm provides a high security level for sensitive data. The National Institute of Standards and Technology (NIST) and National Security Agency (NSA) search for a replacement for the Data Encryption Standard (DES), which had numerous issues, namely small key size and efficiency, and finally settled on AES.

Encryption algorithms use keys to obfuscate the data. While DES only had a key size of 56 bits, AES can have a key size of 128, 192 or 256 bits. Larger keys provide more security as their size makes brute force attacks infeasible.

To address concerns from the cryptographic community, NIST embarked on a transparent selection process. During the selection process NIST solicited designs from the global cryptographic community and voted for a winner from within fifteen finalists. The eventual winner was a team of Belgian cryptographers with their submission of the Rijndael encryption method, which became AES. For more information about the technical specifications of AES, please see the official standard.