Key Lifecycle for AES 256 Encryption (Bitlocker)


I am in the process of writing a cryptography policy and the template generated by our software recommends that AES 256 symmetric keys for data encrypted at rest should be changed annually. This software is supposed to generate templates that conform to industry standards and best practices. I so far can't find any standards that recommend changing AES 256 encryption keys annually. The best I could find was NIST SP 800-57 Part 1 Rev. 5, which generally says symmetric data encryption keys have a cryptoperiod of roughly 3-5 years.

Does anyone know of any standard, guideline, or best practice that says AES 256 encryption keys should be changed annually? Also, has anyone worked on a policy similar to this and have your own recommendation on AES 256 lifecycle management? Thanks!

2 Replies
Community Champion

Hi @earthling 


The only guidance I can provide directly is via the Australian and New Zealand Information Security Manuals, which you can search below:


My advice, given the forthcoming Post Quantum Cryptography for Data Security and Storage, is to ensure that all Data Storage systems use GCM or Galois Mode AES-256, which is currently resistant to Quantum Cryptography attacks according to NIST.


Keys should be changed when it is suspected that they have been compromised due to an incident occurring, and the appropriate Key Management procedures should be invoked to change those compromised keys.


The main issue you are going to encounter is robust key management, and how to ensure that the Shared Secret is not dispersed to unauthorised personnel or entities. You will need to ensure you have appropriate procedures and processes to ensure that no one can obtain the shared key, or as you know AES-256 will be compromised. In many cases you may not be aware of this, so monitoring is key to understanding who has access to your key management systems, and the systems using it.


There is a concept called Harvest Now, Decrypt Later (HNDL), which is being used by many Nation States, and others, to grab as much data as they can, and later glean information from it, once it becomes possible to decrypt it using Quantum Computers.


I hope this helps, it really depends on the circumstances and how you are using AES-256 encryption.

Newcomer III

I've waded into this issue in the past. What should guide you is the (continued) value of the information to the organization and to attackers, and the threat environment you're in. This should also tell you whether you merely need to change keys, or whether data at rest needs to be rekeyed. It's really a risk-based model, and different industries will have differing threats to counter, and regulatory requirements.


A few examples I like to use when modeling that risk are stock quotes and mortgages. Stock quotes aren't secret but require high integrity, but the value degrades exceptionally quickly. Information associated with mortgages may need to have integrity validation on it for 37 years... or maybe 107 if you're working with Japanese 100-year mortgages.


I've found it helpful in the past to use the organization's information classification as a rubric for determining key rotation and re-keying standards... but always leaving room for more frequent rotation if required by risk or regulation.


I hope this helps.
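The distinction drawn above between merely changing keys and rekeying data at rest is easiest to see with the envelope pattern that full-disk encryption products such as BitLocker use (bulk data under a data-encryption key, that key stored only wrapped under a key-encryption key). The Go sketch below is an added example, not code from this thread or any product: rotating the KEK is one small re-wrap, while replacing the DEK forces every byte to be decrypted and re-encrypted. It uses AES-256-GCM from the Go standard library; the Volume type and function names are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)
// Volume models data at rest: Data sealed under a data-encryption key (DEK); the DEK stored only wrapped under a key-encryption key (KEK).
type Volume struct{ WrappedDEK, Data []byte }
func Random(n int) []byte { // n=32 yields an AES-256 key, n=12 a GCM nonce
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil { panic(err) }
	return b
}
func gcm(key []byte) cipher.AEAD { // keys here are always 32 bytes, so neither call can fail
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}
// Seal returns nonce||ciphertext||tag under a fresh random nonce; Open reverses it and fails the GCM tag check under any other key.
func Seal(key, pt []byte) []byte {
	g := gcm(key)
	nonce := Random(g.NonceSize())
	return g.Seal(nonce, nonce, pt, nil)
}
func Open(key, ct []byte) ([]byte, error) {
	g := gcm(key)
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}
// RotateKEK changes only the key protecting the DEK: one small re-wrap, bulk data untouched.
func RotateKEK(v *Volume, oldKEK, newKEK []byte) error {
	dek, err := Open(oldKEK, v.WrappedDEK)
	if err == nil {
		v.WrappedDEK = Seal(newKEK, dek)
	}
	return err
}
// RekeyData replaces the DEK itself, so every byte of Data is decrypted and re-sealed.
func RekeyData(v *Volume, kek []byte) error {
	dek, err := Open(kek, v.WrappedDEK)
	if err != nil {
		return err
	}
	pt, err := Open(dek, v.Data)
	if err == nil {
		dek = Random(32)
		v.WrappedDEK, v.Data = Seal(kek, dek), Seal(dek, pt)
	}
	return err
}
```

A compromised KEK is answered by RotateKEK alone (the old KEK can no longer unwrap anything), whereas a suspected DEK compromise or a cryptoperiod expiry on the data itself needs RekeyData, whose cost scales with the volume size.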