On 2015-11-30 12:47, Robert Relyea wrote:
I've always found the 128 bit prioritized over 256 a silly recommendation, I support reordering.

Can you expand on why you think it is silly?

The original thread [1] had a long discussion on this topic. The DJB batch attack redefines the landscape, but does not address the original concerns around AES-256 resistance. To me, the main question is to verify whether AES-256 implementations are at least as resistant as AES-128 ones, in which case the doubled key size provides a net benefit, and preferring it is a no-brainer.

[1] http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg11247.html

- Julien
dev-tech-crypto mailing list

Reply via email to