[Cryptography] AES state of the art...

Tony Arcieri bascule at gmail.com
Mon Sep 9 14:54:33 EDT 2013

On Sun, Sep 8, 2013 at 3:33 PM, Perry E. Metzger <perry at piermont.com> wrote:

> What's the current state of the art of attacks against AES? Is the
> advice that AES-128 is (slightly) more secure than AES-256, at least
> in theory, still current?

No. I assume that advice comes from related key attacks on AES, and Bruce
Schneier's blog posts about them:


For some reason people read these blog posts and thought, for whatever
reason, that Schneier recommends AES-128 over AES-256. However, that is not
the case. Here's a relevant page from Schneier's book Cryptography
Engineering in which he recommends AES-256 (or switching to an algorithm
without known attacks):


Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130909/b741ae21/attachment.html>

More information about the cryptography mailing list