We may earn an affiliate commission when you buy through links on this site. Thanks for supporting us! More here.
Military Encryption: Marketing Hype or Necessity?
Cloud storage solutions. VPNs. Hard drives. Password managers.
These days, it seems that there isn’t much in the world of tech that isn’t protected with ‘military-grade’ encryption.
Which sounds great, right? We should all be striving for the highest level of data security and protection we can possibly get – especially in a time where our data is so valuable to attackers who want to steal it or companies who want to hoard it.
But have we stopped to consider whether this so-called ‘military-grade’ encryption really is the highest standard?
With a little digging, that seems far from certain. So, is military-grade encryption a good standard, or nothing more than marketing hype? Are there higher levels of encryption worth considering? What is the best way to protect your data across the tech space?
We’ve done the research to find out the answers to those questions.
What is ‘military-grade encryption’?
As lovers of all things tough and durable, we’re well-positioned to detect whether something is genuinely fit for military use, or just made with above-average materials and called ‘military-grade’ as a marketing hook.
That challenge becomes a little more difficult when the thing in question is not a physical product like a rugged laptop, but immaterial cybersecurity software.
But military grades like MIL-STD-810G do exist and are well-defined by the U.S. Department of Defense for a reason – so technological failure doesn’t happen in high-risk contexts.
What, then, does ‘military-grade’ or the alternative ‘bank-grade’ actually mean with respect to encryption?
Well, as with physical equipment, there is a list of cryptographic algorithms approved by the National Security Agency (NSA) [2] specifically for military use, which includes the Secure Hashing Algorithm 2 (SHA-2) [3], the Elliptic Curve Digital Signature Algorithm (ECDSA) [4], and the Advanced Encryption Standard (AES)[5], among others.
If you dig a little deeper with companies who make the ‘military/bank-grade level encryption’ claim like Dropbox, NordVPN, and others, you’ll find that they are almost always referring to the use of AES-256 encryption only.
So, what makes AES-256 so special?
What is AES-256 encryption?
In 1997, the National Institute of Standards and Technology (NIST) identified a need for a new, advanced encryption standard to protect highly sensitive data long into the 21st century.
Two Belgian cryptography experts named Vincent Rijmen and Joan Daemen answered the call with their Rijndael cipher[6], which was adapted into the AES-256 that we know today.
At its most fundamental level, encryption works by taking the plain text of data and transforming it into ‘cipher text’, which appears to be an unrecognizable string of random characters. Then, the encryption protocol decrypts the ciphertext back into recognizable data on the receiver side, given they have the appropriate access.
AES-256 is a symmetric encryption protocol. ‘Symmetric’ refers to the use of the same key for both encrypting and decrypting the data it protects – this means that the receiver must have the same key as the sender in order to unlock the data. This also improves the speed and efficiency of encryption and decryption, as well as requiring less computational power.
In AES-256 encryption, the data is divided into 128-bit blocks. Each unit of data is replaced by ciphertext[7], which is determined by the security key. Then, additional keys are generated through multiple rounds of mathematical data modification, which effectively scrambles the data in increasingly complex ways.
Can anyone crack AES-256?
This level of encryption means that someone attempting to hack into AES-256-bit encrypted data would require a minimum of 2256 ( or 1.157920892 ×1077) unique combinations before they get the right one. That’s an unimaginably large number that would take today’s most powerful (non-quantic excluded here) computers literally billions of years of continuous work to arrive at.
However, that doesn’t mean the data is not accessible in other ways!
To access encrypted data, all you need is the administrative access controls. This is typically shared among all internal parties that hold the data. So, the important question of whether your data is truly safe under AES-256 encryption is what measures are in place to protect the keys internally?
Notably, companies such as Dropbox have failed to protect user data in the past (in 2012), despite their use of AES-256 encryption as a result of weak server-side protection strategies.
Security checklist for companies with ‘military grade’ encryption
Is there any company out there that can provide truly impenetrable data encryption and protection for your sensitive files or digital activity?
With a few simple checks, you can come pretty close to it.
AES-256-bit encryption is a great start, as well as the other encryption methods approved by the NSA for military use. But more than the encryption protocol alone, check for the following policies and practices:
1. Zero-knowledge policies
A zero-knowledge policy is where the company offering the data encryption product or service chooses not to store the keys to your encrypted data internally. Companies who have it couldn’t access your data, or give access to a third party, even if they wanted to.
2. Third-party security audits
Check to see if the company routinely undergoes cybersecurity audits conducted from outside of the organization.
3. NIAP compliance
The National Information Assurance Partnership is a regulatory body that evaluates commercial off-the-shelf IT products for their security and data protection practices. You can check to see if a product you’re interested in is NIAP compliant with their online product search tool.
4. Cybersecurity history
As we typically don’t have transparent access to how a company treats its customers’ data internally, a good way of checking the health of its practices is to see if there had been any data leaks, security breaches, or general data malpractice in the company’s history.
Secure products and services that use AES-256 encryption
Using the checklist items we just described, we’ll now showcase products and services across the tech space that meet the stringent data protection and privacy standards that their military claims suggest.
We’ll also compare the products and services using our Rugged Ratings Buy-it-for-life system (#BIFL), which produces a percentage score representing the overall durability of a product or service. The figure is calculated from the combined sum of the following elements:
- Rugged – Most robust encryption protocols
- Repairable – Data recovery protocols and multi-factor authentication in case of forgotten passwords
- Upgradable – Tiered options for enhanced security or more users
- Multipurpose – Multiple use-cases or features
Encrypted password protector
Bitwarden is an advanced password manager and data storage application that uses AES-256 encryption as well as PBKDF2 SHA-256[8], representing the highest levels of security.
They also operate a zero-knowledge policy, volunteer to undergo annual third-party security audits, and have achieved SOC type 2 and SOC 3 compliance[9].
In the case of lost passwords, they offer multi-factor authentication and can generate a Recovery Code that can be used with your Master Password to disable any enabled two-step Login methods from outside your Vault.
Bitwarden has a three-tiered pricing system, with the most basic level being free-to-use for up to two people and the highest level at $5 per month, which offers SSO authentication and self-hosting for large enterprises.
Encrypted external hard drive
The LaCie Rugged SSD topped our list of most durable rugged hard drives not too long ago, in part thanks to its encryption and data recovery methods.
It uses AES-256 ‘self-encryption’, and when the drive is removed or the connected system turns off, the Auto-Lock feature locks the drive and secures the data.
If you lose the drive, Instant Secure Erase “renders the drive unreadable in less than a second via cryptographic erase of the data encryption key”. This is FIPS 140-2 validated [10], which means it’s been tested and approved by the US and Canadian governments in the protection of sensitive data.
If you manage to damage the drive despite its rugged design features, LaCie offers Rescue Services to help you defend against data loss and retrieval costs.
Encrypted VPN provider
NordVPN is one of the leading virtual private network providers, a service designed to conceal your online activity. Naturally, they have a host of multi-layered security and privacy measures, including AES-256 encryption.
DoubleVPN is a feature that routes your traffic through two servers instead of one for two encryption layers. The Kill Switch recognizes drops in VPN connection and immediately blocks internet access so as not to reveal your true IP. As part of the service, they also offer an ad and malware blocker for web browsing (while connected to the VPN).
They also operate a no-log policy, have robust DNS leak protection[11], and offer multi-factor authentication for recovery. You can upgrade your membership to include NordPass and NordLocker, password protection, and cloud storage applications that feature the same security measures.
Encrypted Android phone
IntactPhone is a cell phone that’s purpose-built to offer the highest level of security and privacy of any phone on the market today. The company fuses various security technologies, vulnerability management, anomaly detection, and intrusion prevention methods to offer those in high-risk professions the best in mobile cybersecurity.
The phone features multiple encryption protocols for different applications, like ZRTP for VOIP calls [12] and AES-256 message encryption. The ‘Android-like’ custom-built OS is built from the source code to patch the security vulnerabilities of consumer-level Android software.
To get some of the additional security and privacy features they offer such as threat detection, antimalware, and granular app permissions enforcement on a more user-friendly device, you can get the IntactDialog software for Android or iPhone devices.
Military-grade encryption. Conclusion and Recommendations
So, does ‘military grade’, ‘bank-grade’, or ‘government-grade’ encryption tell you everything you need to know about the security of a company’s product or service?
No, it does not.
As it turns out, the term is used pretty loosely to refer to the use of any NSA-approved encryption protocol.
And we can understand why – it sounds incredibly secure, and the protocols they are referring to (which is usually just AES-256-bit encryption) are genuinely more robust than you would ever require in consumer-level tech.
However, true security doesn’t end at good encryption. There is a multitude of factors to look for when trusting your data with a company, mainly surrounding the potential for system-level breaches due to the internal policies of the company itself. Evaluate companies using the security checklist we provided above and your data should stay just that – yours.
Advertisement:
- Apollo can live stream in 1080p Full HD from anywhere so you can always see your home! Use the free...
- Get notifications when sound/motions are detected and use Video Playback Alert to review the last 10...
- 360° Auto Tracking eliminates the need for multiple cameras facing different positions. Say goodbye to...
- Fast Facial Recognition means that your family members can be recognized in seconds! You can even get...
- Your data protection is extremely important to us so we deploy the highest security protection of 256-bit...
- Easy to use: Perfect solution to protect your digital assets. Simply enter a 7-15 digit PIN to...
- Government certified to the highest standards – The diskAshur PRO2 is the world’s first and only PIN...
- The diskAshur PRO2 is the perfect solution for storing your personal or company data. Carry the diskAshur...
- The diskAshur PRO2 will work on any device with a USB port, no software is required. Compatible with: MS...
- Transfer your files in seconds Lightning fast backwards compatible USB 3.2 data transfer speeds. Up to...
- Easy to use: Perfect solution to protect your digital assets. Simply enter a 7-15 digit PIN to...
- The diskAshur2 helps you ensure compliance with data regulations such as GDPR, CCPA, HIPAA.
- The diskAshur2 is the perfect solution for storing your personal or company data. Carry the diskAshur2...
- The diskAshur2 will work on any device with a USB port, no software is required. Compatible with: MS...
- Transfer your files in seconds Lightning fast backwards compatible USB 3.2 data transfer speeds. Up to...
Last update on 2022-11-09 at 21:42 / Affiliate links / Images from Amazon Product Advertising API
What to check next: The Toughest Military Grade Laptops. Specs and usability are important, but durability is a must for any laptop. In our opinion, it’s much wiser to shell out a few extra bucks for a more robust notebook that you can take around with you – without having to worry about spills or drops damaging your data & buy repairs. #BIFL
- What Does ‘Military Grade’ Encryption Really Mean? - August 11, 2023
- The Consumer Guide to Military Specifications and Standards - August 11, 2023
- AGM Glory PRO Review - August 11, 2023
