[146912] in cryptography@c2.net mail archive
Re: [Cryptography] AES state of the art...
daemon@ATHENA.MIT.EDU (Tony Arcieri)
Mon Sep 9 14:58:21 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20130908183357.3dd9e052@jabberwock.cb.piermont.com>
From: Tony Arcieri <bascule@gmail.com>
Date: Mon, 9 Sep 2013 11:54:33 -0700
To: "Perry E. Metzger" <perry@piermont.com>
Cc: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============8913003966002745213==
Content-Type: multipart/alternative; boundary=089e013a15e67a31fa04e5f7ec02
--089e013a15e67a31fa04e5f7ec02
Content-Type: text/plain; charset=ISO-8859-1
On Sun, Sep 8, 2013 at 3:33 PM, Perry E. Metzger <perry@piermont.com> wrote:
> What's the current state of the art of attacks against AES? Is the
> advice that AES-128 is (slightly) more secure than AES-256, at least
> in theory, still current?
No. I assume that advice comes from related key attacks on AES, and Bruce
Schneier's blog posts about them:
https://www.schneier.com/blog/archives/2009/07/new_attack_on_a.html
https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
For some reason people read these blog posts and thought, for whatever
reason, that Schneier recommends AES-128 over AES-256. However, that is not
the case. Here's a relevant page from Schneier's book Cryptography
Engineering in which he recommends AES-256 (or switching to an algorithm
without known attacks):
https://pbs.twimg.com/media/BEvLoglCcAAqg4E.jpg
--
Tony Arcieri
--089e013a15e67a31fa04e5f7ec02
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">On Sun, Sep 8, 2013 at 3:33 PM, Perry E. Metzger <span dir=
=3D"ltr"><<a href=3D"mailto:perry@piermont.com" target=3D"_blank">perry@=
piermont.com</a>></span> wrote:<br><div class=3D"gmail_extra"><div class=
=3D"gmail_quote">
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;p=
adding-left:1ex">What's the current state of the art of attacks against=
AES? Is the<br>
advice that AES-128 is (slightly) more secure than AES-256, at least<br>
in theory, still current?</blockquote><div><br></div><div>No. I assume that=
advice comes from related key attacks on AES, and Bruce Schneier's blo=
g posts about them:</div><div><br></div><div><a href=3D"https://www.schneie=
r.com/blog/archives/2009/07/new_attack_on_a.html">https://www.schneier.com/=
blog/archives/2009/07/new_attack_on_a.html</a></div>
<div><a href=3D"https://www.schneier.com/blog/archives/2009/07/another_new_=
aes.html">https://www.schneier.com/blog/archives/2009/07/another_new_aes.ht=
ml</a></div><div><br></div><div>For some reason people read these blog post=
s and thought, for whatever reason, that Schneier recommends AES-128 over A=
ES-256. However, that is not the case. Here's a relevant page from Schn=
eier's book Cryptography Engineering in which he recommends AES-256 (or=
switching to an algorithm without known attacks):</div>
<div><br></div><div><a href=3D"https://pbs.twimg.com/media/BEvLoglCcAAqg4E.=
jpg">https://pbs.twimg.com/media/BEvLoglCcAAqg4E.jpg</a>=A0<br></div></div>=
<div><br></div>-- <br>Tony Arcieri<br>
</div></div>
--089e013a15e67a31fa04e5f7ec02--
--===============8913003966002745213==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============8913003966002745213==--