Interactive lab
Symmetric Cryptography
Symmetric keys are the workhorses that power high-throughput encryption. Once two parties agree on a shared secret (Diffie-Hellman, RSA, pre-shared channels), AES or ChaCha20 take over securing backups, VPN tunnels, and streaming data. Inspired by the storytelling format of the classical ciphers lab, this page modernizes the experience with rich cards and an interactive playground.
4-10x
Performance boost
Compared to asymmetric suites
128-256 bit
Key size sweet spot
NIST recommended AES range
Backups VPNs Streaming
Ideal workloads
High-volume data flows
Modern symmetric toolbox
These ciphers appear in TLS 1.3, SSH, backups, secure messaging, and disk encryption suites.
AES (Rijndael)
Modern default
Authenticated modes such as GCM/CCM provide confidentiality + integrity with minimal overhead.
ChaCha20-Poly1305
Mobile-first
Fast on low-power devices and widely deployed inside TLS 1.3, WireGuard, and modern messaging apps.
Blowfish / Twofish
Legacy & embedded
Still present in older archives, but newer deployments migrate to AES or ChaCha20.
AES-256 playground
Encrypt, copy, iterate
Paste any payload below: JSON, config snippets, or entire paragraphs. Use Generate Key to spin up a random 256-bit secret, then encrypt/decrypt instantly.
Best practices
Harden your symmetric crypto
- Never reuse IVs/nonces with the same key (especially in CTR/CFB/OFB modes).
- Rotate keys on predictable cadences and store them in an HSM or secrets manager.
- Prefer AEAD (AES-GCM, ChaCha20-Poly1305) to gain integrity plus confidentiality.
- When deriving keys from passwords, rely on PBKDF2, scrypt, or Argon2 with strong parameters.
- Shared keys mean compromise impacts both confidentiality and authenticity.
- Weak randomness can leak session information or make brute-force practical.
- Lack of non-repudiation complicates audit trails/log distribution with asymmetric signatures.