[Cryptography] AES-256- More NIST-y? paranoia

Tony Arcieri bascule at gmail.com
Thu Oct 3 13:40:01 EDT 2013


On Wed, Oct 2, 2013 at 8:13 PM, Ray Dillinger <bear at sonic.net> wrote:

> Leaving aside the question of whether anyone "weakened" it, is it
> true that AES-256 provides comparable security to AES-128?


No, there's a common misconception that the related key attacks make
AES-256 worse than AES-128 because AES-128 is not susceptible to these
attacks. The alleged source of this information is a Bruce Schneier blog
post (which is fine in and of itself; it's being misinterpreted).

In Schneier et al.'s book Cryptography Engineering, he recommends AES-256
over AES-128, despite the flaws, but suggests we might consider looking for
a better cipher at this point. The rationale is that AES-256 still provides
a wider security margin.

-- 
Tony Arcieri