On Tue 2015-06-02 18:15:21 -0400, NdK wrote:
> IIRC, I read (some years ago...) that AES-256 could be *weaker* than
> AES-128 because some mathematical structures express some properties
> only with the longer keys. I don't have the paper handy ATM, but I
> vaguely remember that shocking conclusion.

I think you're referring to:

  http://eprint.iacr.org/2009/374
  https://www.schneier.com/blog/archives/2009/07/new_attack_on_a.html

and

  http://eprint.iacr.org/2009/374
  https://www.schneier.com/blog/archives/2009/07/another_new_aes.html

These describe so-called "related-key" attacks, where the attacker knows
that two AES keys are related to one another in a specific way (e.g. they
know the XOR of the two keys), and can force operation of the cipher with
these two keys:

  https://en.wikipedia.org/wiki/Related-key_attack

OpenPGP in general (and GnuPG in specific) does not have any mechanism
whereby an attacker can force a user to use two symmetric keys that it
knows to be related to one another.

I don't think these attacks are relevant.

Regards,

        --dkg

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users