On Wed, Oct 2, 2013 at 8:13 PM, Ray Dillinger <b...@sonic.net> wrote:
> Leaving aside the question of whether anyone "weakened" it, is it > true that AES-256 provides comparable security to AES-128? No, there's a common misconception that the related key attacks make AES-256 worse than AES-128 because AES-128 is not susceptible to these attacks. The alleged source of this information is a Bruce Schneier blog post (which is fine in and of itself, it's being misinterpreted). In Schneier et al's book Cryptography Engineering he recommends AES-256 over AES-128, despite the flaws, but suggests we might consider looking for a better cipher at this point. The rationale is that AES-256 still provides a wider security margin. -- Tony Arcieri
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
