AES-256-CBC (Cipher Block Chaining), the algorithm used to encrypt Vault, is a standard cryptographic algorithm and is used by the US government and other government agencies worldwide to protect top-secret data. With proper implementation and strong enough Encryption Keys (from a user’s Master Password), the AES-256-CBC algorithm is proven unbreakable.
AES-256-CBC is an encryption scheme that uses the AES specification with a 256-bit key in the CBC mode of operation. The input data is stretched and divided into blocks of fixed length, then:
- With block , perform operation on with initialization vector :
- Encrypt the result from step 1 with and key :
- From block onward, is -ed with the encrypted output of the previous block:
- The cipher text blocks are concatenated into the final cipher text:
The decryption process has a reversed flow with cipher text being divided into blocks .
- Decrypt block with and key :
- Perform operation on with initialization vector to retrieve plaintext block :
- From block onward, is -ed with the decrypted output of the previous block:
- The decrypted plaintext blocks are concatenated to restore the original plaintext:
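
The chaining described in the two lists above, written out over the raw AES-256 block operation and checked against Node's built-in `aes-256-cbc`. This is an added example, not code from the product this page describes; the function names are hypothetical, and PKCS#7 padding is assumed for the "stretching" step.

```javascript
const crypto = require('node:crypto');
const BLOCK = 16; // AES block size in bytes
// One raw AES-256 block operation (ECB, no padding): encrypt or decrypt 16 bytes.
function aesBlock(key, block, decrypt = false) {
  const c = decrypt
    ? crypto.createDecipheriv('aes-256-ecb', key, null)
    : crypto.createCipheriv('aes-256-ecb', key, null);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(block), c.final()]);
}

const xor = (a, b) => Buffer.from(a.map((byte, i) => byte ^ b[i]));
function cbcEncrypt(key, iv, plaintext) {
  // PKCS#7 padding (assumed): always adds 1..16 bytes, each equal to the pad length.
  const n = BLOCK - (plaintext.length % BLOCK);
  const padded = Buffer.concat([plaintext, Buffer.alloc(n, n)]);
  const out = [];
  let prev = iv; // the first block is chained to the IV
  for (let i = 0; i < padded.length; i += BLOCK) {
    prev = aesBlock(key, xor(padded.subarray(i, i + BLOCK), prev));
    out.push(prev); // each ciphertext block feeds the next block's XOR
  }
  return Buffer.concat(out);
}

function cbcDecrypt(key, iv, ciphertext) {
  if (ciphertext.length === 0 || ciphertext.length % BLOCK !== 0) {
    throw new Error('ciphertext must be a non-empty multiple of 16 bytes');
  }
  const out = [];
  let prev = iv;
  for (let i = 0; i < ciphertext.length; i += BLOCK) {
    const c = ciphertext.subarray(i, i + BLOCK);
    out.push(xor(aesBlock(key, c, true), prev)); // XOR with the previous ciphertext block
    prev = c;
  }
  const padded = Buffer.concat(out);
  const n = padded[padded.length - 1];
  if (n < 1 || n > BLOCK || !padded.subarray(-n).every((b) => b === n)) {
    throw new Error('invalid padding');
  }
  return padded.subarray(0, padded.length - n);
}

// Node's built-in AES-256-CBC, used only to check the hand-written chaining.
function libraryCbc(key, iv, plaintext) {
  const c = crypto.createCipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([c.update(plaintext), c.final()]);
}
```

CBC on its own provides confidentiality only; nothing in this decrypt path detects a modified ciphertext, which is why deployments pair it with a MAC over the IV and ciphertext.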