Is AES-128 strong enough?

Yes. AES-128 offers 128 bits of security with no practical attacks, which is sufficient for virtually all uses today. AES-256 adds margin against future cryptanalysis and quantum Grover-style attacks but is not strictly required for most data.

Why is ECB mode considered insecure?

ECB encrypts each block independently, so identical plaintext blocks produce identical ciphertext blocks. This leaks structure — the classic ECB penguin image stays visible. Never use ECB for real data; use an AEAD mode like GCM instead.

Should I still use 3DES?

No. Triple DES has a 64-bit block size, making it vulnerable to Sweet32 birthday attacks on long sessions, and it is slow. It is deprecated by NIST. Migrate to AES or ChaCha20.

When should I pick ChaCha20 over AES?

ChaCha20-Poly1305 is a great choice on devices without AES hardware acceleration, where it runs faster and more constant-time than software AES. On modern CPUs with AES-NI, AES-GCM is typically faster.

AEAD stands for Authenticated Encryption with Associated Data. It provides confidentiality and integrity in one operation, so the recipient detects tampering. AES-GCM and ChaCha20-Poly1305 are the standard AEAD schemes.

Symmetric Cipher Reference

Email me this result

Get this tool's output sent to your inbox, plus one useful tool a week. No spam, unsubscribe any time.

Symmetric cipher reference

Symmetric ciphers use the same secret key to encrypt and decrypt. They are fast and used for bulk data: TLS records, disk encryption, file encryption and tokens. This reference compares AES, ChaCha20, 3DES, Blowfish and others by key size, block size, the recommended mode of operation, and current security status.

How it works

A block cipher (AES, 3DES) transforms fixed-size blocks; a stream cipher (ChaCha20) produces a keystream XORed with the plaintext. Security depends heavily on the mode of operation:

AEAD modes (GCM, CCM, ChaCha20-Poly1305) encrypt and authenticate together — always prefer these.
CBC needs a separate MAC and a random IV, and is error-prone (padding-oracle attacks).
CTR is parallelisable but needs an external MAC.
ECB is insecure — it leaks plaintext patterns.

Each encryption needs a unique nonce/IV per key; reusing a GCM nonce is catastrophic and can reveal the authentication key.

Tips and notes

Default to AES-256-GCM or ChaCha20-Poly1305 for new systems.
Never reuse a nonce with the same key under GCM or CTR.
Avoid 3DES, RC4 and Blowfish for new designs — they are deprecated or have small block sizes.
Key size is not the whole story: a 256-bit key in ECB mode is still insecure because of the mode, not the key.