On 03/10/2013 04:13, Ray Dillinger wrote:
> On 10/02/2013 02:13 PM, Brian Gladman wrote:
>> The NIST specification only eliminated Rijndael options - none of the
>> Rijndael options included in AES were changed in any way by NIST.
> Leaving aside the question of whether anyone "weakened" it, is it
> true that AES-256 provides comparable security to AES-128?

I may be wrong about this, but if you are talking about the theoretical
strength of AES-256, then I am not aware of any attacks against it that
come even remotely close to reducing its effective key length to 128
bits.  So my answer would be 'no'.

But, having said that, I consider the use of AES-256 in place of AES-128
to be driven more by marketing hype than by reality.  The theoreticaal
strength of modern cryptographic algorithms is the least of our worries
in producing practical secure systems.

   Brian Gladman

The cryptography mailing list

Reply via email to