Many companies advertise that they use "military-grade encryption" to protect your data. If it's good enough for the military, it must be the best, right? Well, not exactly.
"Military-grade encryption" is mostly a marketing term that doesn't mean much.
Basics of encryption
Let's start with the basics. Encryption is essentially a way to scramble information so that it cannot be read. You can then decrypt it, but only if you know how. The method of encryption and decryption is known as a "cipher" and usually relies on a key.
For example, when you visit a site over HTTPS and log in with a password or provide a credit card number, this private data is sent over the Internet in encrypted form. Only your computer and the website you are contacting can understand the data, which prevents eavesdroppers from spying on your credit card number. When you first connect, your browser and the website perform a handshake and exchange the keys that will be used to encrypt and decrypt the data.
There are many different encryption algorithms. Some are safer and harder to break than others.
Whether you are connecting to your internet banking system, using a virtual private network (VPN), encrypting files on your hard drive or storing your passwords in a password manager, you obviously want strong encryption that is difficult to crack.
To make it sound as secure as possible, many services say they offer "military-grade encryption" on their websites and in ads.
It sounds like something very powerful and battle-tested, but the military does not have anything called "military-grade encryption". It is a phrase created for marketing.
What does "Military-Grade Encryption" mean?
Dashlane, a password manager that advertises "military-grade encryption," explains what the term means on its blog. According to Dashlane, military-grade encryption means AES-256 encryption. This is the Advanced Encryption Standard with a 256-bit key.
According to Dashlane's blog, AES-256 is approved by the National Security Agency (NSA) and protects "Top Secret" information.
AES-256 differs from AES-128 and AES-192 in that it has a larger key size. This means that more processing power is needed for encryption and decryption, but it also makes AES-256 harder to crack.
Bank-level encryption is the same thing
"Bank-level encryption" is another marketing term. It means basically the same thing: AES-256 or perhaps AES-128, which is what most banks use. In fact, some banks even advertise "military-grade encryption."
AES-256 is good, but AES-128 is not far behind
AES-256 has been widely adopted by many services and applications. In fact, you probably use this "military-grade encryption" all the time. You just don't know it, because most services do not call it "military-grade encryption".
For example, modern web browsers support AES-256 for communicating with secure HTTPS sites. Even Internet Explorer has supported AES-256 since Internet Explorer 8. Chrome, Firefox, and Safari also support it. You probably connect to HTTPS sites using military-grade encryption without knowing it.
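To see this on your own machine, the following added example (not part of the original article) lists the cipher suites that Python's standard `ssl` module offers by default as a TLS client and groups them by bulk cipher. The function names and the `SAMPLE` list are constructed for this illustration.

```python
import ssl
from collections import defaultdict

def bulk_cipher(suite: dict) -> str:
    """Return 'AES-256', 'AES-128', ... or the raw cipher name for non-AES suites."""
    sym = (suite.get("symmetric") or "").lower()   # e.g. 'aes-256-gcm'
    if sym.startswith("aes"):
        return f"AES-{suite.get('alg_bits')}"
    return sym or "unknown"

def group_suites(suites):
    """Map each bulk cipher to the sorted names of the suites that use it."""
    groups = defaultdict(list)
    for s in suites:
        groups[bulk_cipher(s)].append(s["name"])
    return {cipher: sorted(names) for cipher, names in groups.items()}

def local_tls_suites():
    """Cipher suites this Python/OpenSSL build enables for a default TLS client."""
    return ssl.create_default_context().get_ciphers()

# Constructed sample, in the dict shape returned by SSLContext.get_ciphers()
SAMPLE = [
    {"name": "TLS_AES_256_GCM_SHA384", "symmetric": "aes-256-gcm", "alg_bits": 256},
    {"name": "TLS_AES_128_GCM_SHA256", "symmetric": "aes-128-gcm", "alg_bits": 128},
    {"name": "TLS_CHACHA20_POLY1305_SHA256", "symmetric": "chacha20-poly1305",
     "alg_bits": 256},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "symmetric": "aes-256-gcm", "alg_bits": 256},
]

if __name__ == "__main__":
    # Report what the local TLS stack offers, grouped by bulk cipher.
    for cipher, names in sorted(group_suites(local_tls_suites()).items()):
        print(f"{cipher}: {len(names)} suite(s)")
        for name in names:
            print("   ", name)
```

On a typical installation the AES-256 group is populated without any special configuration, alongside AES-128 suites.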
BitLocker encryption in Windows uses AES-128 by default, but can be configured to use AES-256. It is not "military grade" by default, but AES-128 is still quite safe and resistant to attack even though it is not "military grade".
The 1Password password manager switched from AES-128 to AES-256 in 2013. 1Password's Jeffrey Goldberg explained the company's rationale at the time. He argued that AES-128 was just as secure, but many people felt more secure with the higher number 256 and "military-grade encryption".
Ultimately, whether you are using AES-256, AES-128 or AES-192, you have quite secure encryption.
Encryption as a "weapon"
If you are wondering what encryption has to do with the military:
Cryptography has played an important role in every war. It is a way for a soldier to convey messages safely without being "heard" by the enemy. Even if the enemy intercepts the message, he has to decrypt it before it is of any use to him. The ancient Romans used cryptography to hide messages two thousand years ago, under the rule of Julius Caesar.
In World War II, Nazi Germany used the Enigma machine to encrypt its messages.
So it should come as no surprise that many governments have regulated cryptography, banning its export to other countries. Until 1992, cryptography was on the US Munitions List as "auxiliary military equipment". You could create and release encryption technologies in the US, but you could not export them to other countries. The Netscape web browser once had two different versions: a domestic version with 128-bit encryption and an "international" version with 40-bit encryption (the maximum allowed).
Regulations were amended in the mid-1990s to facilitate the export of encryption technologies from the United States.