[146905] in cryptography@c2.net mail archive
Re: [Cryptography] AES state of the art...
daemon@ATHENA.MIT.EDU (Alexander Klimov)
Mon Sep 9 09:09:15 2013
X-Original-To: cryptography@metzdowd.com
Date: Mon, 9 Sep 2013 14:18:41 +0300
From: Alexander Klimov <alserkli@inbox.ru>
To: "Perry E. Metzger" <perry@piermont.com>
In-Reply-To: <20130908183357.3dd9e052@jabberwock.cb.piermont.com>
Cc: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Sun, 8 Sep 2013, Perry E. Metzger wrote:
> What's the current state of the art of attacks against AES? Is the
> advice that AES-128 is (slightly) more secure than AES-256, at least
> in theory, still current?
I am not sure what is the exact attack you are talking about, but I
guess you misunderstood the result that says: "the attack works
against AES-256, but not against AES-128" as meaning that AES-128 is
more secure. It can be the case that to break AES-128 the attack needs
2^240 time, while to break AES-256 it needs 2^250 time. Here AES-128
is not technically broken, since 2^240 > 2^128, but AES-256 is broken,
since 2^250 < 2^256, OTOH, AES-256 is still more secure against the
attack.
--
Regards,
ASK
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
