[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AES-256 vs AES-128

To: moeller@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (Bodo Moeller)
Subject: Re: AES-256 vs AES-128
From: Mike Markowitz <markowitz@xxxxxxxxxxxxxxx>
Date: Tue, 24 Jun 2003 15:54:49 -0500
Cc: ietf-openpgp@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
References: <> <> <>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx

At 03:10 PM 5/31/2003 +0200, Bodo Moeller wrote:

Of course arguably 128 bits are by far enough so that you don't really
have to worry about anything of this -- unless you think that quantum
attacks might become realistic.

Just when you thought this thread was dead... <g>

Here NSA's current view of the matter (from the recent "CNSS Policy No. 15, FS-1" document: http://csrc.nist.gov/cryptval/CNSS15FS.pdf):

"(6) The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths."

-mjm

References:
- Re: AES-256 vs AES-128
  - From: Werner Koch
- Re: AES-256 vs AES-128 (Re: Suggested DER Prefixes)
  - From: John Wilkinson
- Re: AES-256 vs AES-128
  - From: Bodo Moeller

Prev by Date: Re: key flag for authentication
Next by Date: Suggestion for the signing subkey problem
Previous by thread: Re: AES-256 vs AES-128
Next by thread: Re: AES-256 vs AES-128 (Re: Suggested DER Prefixes)
Index(es):
- Date
- Thread