On Sun, Sep 8, 2013 at 3:33 PM, Perry E. Metzger <pe...@piermont.com> wrote:

> What's the current state of the art of attacks against AES? Is the
> advice that AES-128 is (slightly) more secure than AES-256, at least
> in theory, still current?

No. I assume that advice comes from related key attacks on AES, and Bruce
Schneier's blog posts about them:


For some reason people read these blog posts and thought, for whatever
reason, that Schneier recommends AES-128 over AES-256. However, that is not
the case. Here's a relevant page from Schneier's book Cryptography
Engineering in which he recommends AES-256 (or switching to an algorithm
without known attacks):


Tony Arcieri
The cryptography mailing list

Reply via email to