Hello Rich, On Mon, 2017-01-09 at 19:52 +0000, Salz, Rich wrote: > AES 192 has been discussed at various times in the IETF mailing lists > (see CFRG and TLS for most likely places). Here's one posting: > https://www.ietf.org/mail-archive/web/cfrg/current/msg04820.html > > My short summary is that if 128 isn't good enough for you, use 256. > 192 is a midpoint that only makes things more complicated by adding > more options (and potentially increases the size of the clienthello > message, which has had deployment problems with some platforms).
Doesn't the fact that AES-192 seems to be more resistant against related key attacks than AES-256 "in a world of 2^50 keys" count as an argument for inclusion? A related question, is the fact that AES-192 is more resistant to related key attacks caused by the fact that it uses a key size that is not an exponent of 2? Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev