AES Keyspace Calculator

Reviewed by the CalculatorHub team, edited by James Graham. Keyspace formula from NIST FIPS 197. Last verified 15 June 2026.

The AES (Advanced Encryption Standard) keyspace is the total number of possible encryption keys for a given key length. Because AES uses symmetric keys, every additional bit of key length doubles the number of possible keys. AES-128 has 2^128 possible keys, AES-192 has 2^192, and AES-256 has 2^256. This calculator computes the keyspace size, the time required to exhaustively search it at a given speed, and provides context about quantum resistance. Standardized in NIST FIPS 197, AES is the US government encryption standard for classified and unclassified data alike.

AES key size (bits) Standard values: 128, 192, or 256

Guesses per second (keys/s) 1e12 = 1 trillion (theoretical limit for current hardware)

Total keyspace (2^bits)

0.00

Years to exhaust keyspace

0.00

AES keyspace formula

Keyspace = 2^{key bits}
Time to exhaust (s) = 2^{key bits} / guesses per second
Quantum-effective bits = key bits / 2 (Grover's algorithm)

For AES-128: keyspace = 2^128 = 3.40 x 10^38. At 10^12 guesses/second, exhaustion requires 1.07 x 10^19 years. The universe is approximately 1.38 x 10^10 years old, meaning AES-128 is impractical to brute force with classical hardware.

AES variants and use cases

AES-128: fastest, 128-bit security, suitable for most applications, recommended by NIST for non-classified use.
AES-192: 192-bit security, rarely used in practice; provides a middle ground between 128 and 256.
AES-256: 256-bit security, required for US government classified information at the SECRET level and above (NSA Suite B). Preferred for long-lived data and post-quantum margins.
AES is used in TLS 1.3, disk encryption (BitLocker, FileVault), Wi-Fi (WPA2, WPA3), and many other protocols.

AES keyspace calculator: frequently asked questions

How many possible AES-128 keys are there?

AES-128 uses a 128-bit key, giving 2^128 possible keys, which is approximately 3.4 x 10^38. At a rate of one trillion (10^12) key attempts per second, exhausting the keyspace would require approximately 1.07 x 10^19 years, far exceeding the age of the universe.

Is AES-256 twice as strong as AES-128?

AES-256 has 2^256 possible keys, which is 2^128 times more than AES-128. This is an astronomically larger keyspace, not just double. Both are practically unbreakable by brute force, but AES-256 provides a larger security margin against future advances.

What are the three AES key sizes standardized by NIST?

NIST FIPS 197 standardizes AES with key sizes of 128, 192, and 256 bits. AES-128 provides 128-bit security, AES-192 provides 192-bit security, and AES-256 provides 256-bit security, all against brute-force attacks.

Can quantum computers break AES?

Grover's algorithm allows a quantum computer to search an unstructured database in O(sqrt(N)) time, which effectively halves the bit security of a symmetric cipher. AES-128 would have 64-bit effective security against a quantum adversary. NIST recommends AES-256 for post-quantum resistance.

Why is keyspace size displayed in scientific notation?

AES key counts are astronomically large numbers. AES-128's 2^128 is about 3.4 x 10^38. Standard decimal notation would require 39 digits, making scientific notation the practical choice for display.

Official sources

NIST FIPS 197 Advanced Encryption Standard: csrc.nist.gov.
NIST SP 800-57 Part 1 Recommendation for Key Management: csrc.nist.gov.

Reviewed by the CalculatorHub team, edited by James Graham, 15 June 2026. See our methodology.