The Rijndael cipher was chosen after a review process for the Advanced Encryption Standard, or AES. This was the first public algorithm that was approved by the NSA for securing data beyond a doubt. It was classified as a standard on May 26, 2002 by the National Institute of Standards and Technology (NIST). AES is a block cipher and is among the most popular algorithms for symmetric key cryptography currently in use.

Block ciphers refer to encrypting data in fixed-length groups of bits, called blocks.
Graphical represntation of the steps in the Rijndael cipher

The encryption key used with Rijndael can be 128, 192, or 256 bits in length which are the key lengths used. Although Rijndael can support blocks larger than 128 bits, only 128 bit blocks are officially recognized by AES. Both AES and Rijndael refer to the same thing and can be used interchangeably as they often are. Depending on the key and block sizes the number of rounds during encryption will vary as follows:

  • 9 rounds for 128 bit key/block sizes
  • 11 rounds for 192 bit key/block sizes
  • 13 rounds for 256 bit key/block sizes

Each round consists of four steps. The first step is the Byte Sub Step. In this step each byte of data is changed using a substitution box (S-box). Secondly is the Shift Rows Step. For 128 and 192 bit block the offset for the state (the matrix of bytes making up the data) is the same. The first row remains unchanged as each subsequent row is shifted one more spot that the previous row. The third step is the Mix Columns Step where four bytes from columns of the state are used to output four altered bytes.Each input byte has an effect on each resulting byte. The final step is the Add Round Key Step where the Key is used to make a subkey to perform a bitwise XOR (exclusive OR) on each byte of the state.

Rijndael has only be cracked in extreme test environments. Experts say these cracks are "interesting from a mathematical viewpoint but have little bearing on real world attempts to crack AES"ยน. There are security flaws in this encryption that have been discovered in 2009 where all three versions, 128, 192, and 256 all fall victim to some form of vulnerability. This is interesting since the NSA deemed it able to protect TOP SECRET level documents for the US government.


Security is always a big concern when putting personal information, including health information, in to online databases over the internet. Currently there is no mention of using AES as a means of securing that information. Although encryption of information in databases has been going on since there inception (i.e. password encryption) there is still a lot of concerns about the concept.

With the use of personal keys for each person in the database, all information could be encrypted by the patient. People don't understand how far data encryption has come with the increased power of computers. Most breaches occur when people with access to information abuse their privileges, not from external threats. Allowing patients to be the key holders for their encrypted data would prevent a lot of the breaches that, in theory, could be possible in a database of this nature.

Encryption is only one part of the equation though for securing data. More important than encrypted data is the security that prevents physical access to the data. Once the data has been accessed (and copied) by unauthorized personnel they can take as long as they want to crack the encryption (if it is even possible).

Web Resources:,,sid14_gci523541,00.html

Related Terminology:

Block ciphersCryptography
Bitwise Exclusive Or (XOR)

1. TechTarget (Article)