Hello Rich,

On Mon, 2017-01-09 at 19:52 +0000, Salz, Rich wrote:
> AES 192 has been discussed at various times in the IETF mailing lists
> (see CFRG and TLS for most likely places).  Here's one posting:
> https://www.ietf.org/mail-archive/web/cfrg/current/msg04820.html
> My short summary is that if 128 isn't good enough for you, use 256.
> 192 is a midpoint that only makes things more complicated by adding
> more options (and potentially increases the size of the clienthello
> message, which has had deployment problems with some platforms).

Doesn't the fact that AES-192 seems to be more resistant against related
key attacks than AES-256 "in a world of 2^50 keys" count as an argument
for inclusion?

A related question, is the fact that AES-192 is more resistant to
related key attacks caused by the fact that it uses a key size that is
not an exponent of 2?


mount -t life -o ro /dev/dna /genetic/research

openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to