I don't know cryptopgraphics very well but the data throughput would be
a little better with lower keysize. However with a powerful CPU (maybe
AES-NI instructions included) this wouldn't matter anymore.
As compromise you could choose AES-192 if you need it more secure than
128 bit.
Finally quoted from Bruce Schneiers Blog:
"And for new applications I suggest that people don't use AES-256.
AES-128 provides more than enough security margin for the forseeable
future. But if you're already using AES-256, there's no reason to change."
Best regards
Robert
Am 25.09.2011 23:17, schrieb Robert Simmons:
I've been reading on Bruce Schneier's blog about key diffusion and the
key schedule in AES 256 being poor. Including this, for use in a geli
encrypted provider, what are the pros and cons of selecting AES 128,
192, or 256?
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
