Paper and details are not yet public, but Schneier provides a summary: http://www.schneier.com/blog/archives/2009/07/another_new_aes.html
Basically, if AES-256 is implemented with fewer rounds than the standard specifies (essentially the number of rounds recommended for AES-128), it is susceptible to a number of related-key attacks. -- I)ruid, CĀ²ISSP dr...@caughq.org http://druid.caughq.org --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com