[e-lang] Fwd: Chat with kpreid at waterpoint.org
David Wagner
daw at cs.berkeley.edu
Sun Sep 20 03:15:48 EDT 2009
Bill Frantz wrote:
> AES - Recent work has shown that AES256 is only a bit stronger than AES128,
This is not an accurate summary of recent work, in my opinion.
For most purposes AES256 is just fine. There are no known weaknesses
that are relevant to the way that AES256 is normally used in practice --
including, as far as I know, the way it is used in TLS.
That's not to say that the difference between AES128 vs AES256 is
likely to matter much. It is very unlikely that AES128 will be the
weakest link in your system. So either one is a perfectly respectable
choice, from the point of view of security.
For further details and explanation on how to interpret the recent
work on AES256, see my comments elsewhere:
https://financialcryptography.com/cgi-bin/mt/mt-comments.cgi?entry_id=1180
http://www.schneier.com/blog/archives/2009/07/another_new_aes.html#c387018
More information about the e-lang
mailing list