| > | ...Compusec is great for home / personal use. It is cheap i.e. $0.00
| > | (Free), and does not slow down the computer as much as the other
| > | products. But that is because it only support 128 bit AES, which is a
| > | major drawback as most enterprise settings require at least 256 bit
| > | AES....
| > Just wondering about this little piece.  How did we get to 256-bit
| > AES as a requirement?  Just what threat out there justifies it? ...
| 
| It's a management requirement.  The manager sees "AES128" and "AES256"
| and thinks "256 must be better than 128" and therefore the edict comes
| down that AES256 must be used.  It's not a technical decision.  It's
| not a decision made by analyzing the threats.  It's made purely
| by assertion, but it's a decision that can't easily be refuted.
Well, there's a very easy answer to that one:  Tell the manager
involved that the number is the price.  "You can have the industrial
grade one for 128 bucks, or the one done to MIL specs with gold plating
for 256 bucks."  :-)

                                                        -- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to