[Cryptography] AES state of the art...

Tony Arcieri bascule at gmail.com
Mon Sep 9 14:54:33 EDT 2013


On Sun, Sep 8, 2013 at 3:33 PM, Perry E. Metzger <perry at piermont.com> wrote:

> What's the current state of the art of attacks against AES? Is the
> advice that AES-128 is (slightly) more secure than AES-256, at least
> in theory, still current?


No. I assume that advice comes from related key attacks on AES, and Bruce
Schneier's blog posts about them:

https://www.schneier.com/blog/archives/2009/07/new_attack_on_a.html
https://www.schneier.com/blog/archives/2009/07/another_new_aes.html

For some reason people read these blog posts and thought, for whatever
reason, that Schneier recommends AES-128 over AES-256. However, that is not
the case. Here's a relevant page from Schneier's book Cryptography
Engineering in which he recommends AES-256 (or switching to an algorithm
without known attacks):

https://pbs.twimg.com/media/BEvLoglCcAAqg4E.jpg

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130909/b741ae21/attachment.html>


More information about the cryptography mailing list