On Sun, Sep 8, 2013 at 3:33 PM, Perry E. Metzger <pe...@piermont.com> wrote:
> What's the current state of the art of attacks against AES? Is the
> advice that AES-128 is (slightly) more secure than AES-256, at least
> in theory, still current?

No. I assume that advice comes from related key attacks on AES, and Bruce Schneier's blog posts about them:

https://www.schneier.com/blog/archives/2009/07/new_attack_on_a.html
https://www.schneier.com/blog/archives/2009/07/another_new_aes.html

For some reason people read these blog posts and thought, for whatever reason, that Schneier recommends AES-128 over AES-256. However, that is not the case. Here's a relevant page from Schneier's book Cryptography Engineering in which he recommends AES-256 (or switching to an algorithm without known attacks):

https://pbs.twimg.com/media/BEvLoglCcAAqg4E.jpg

--
Tony Arcieri
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography