On 03/10/2013 04:13, Ray Dillinger wrote: > On 10/02/2013 02:13 PM, Brian Gladman wrote: > >> The NIST specification only eliminated Rijndael options - none of the >> Rijndael options included in AES were changed in any way by NIST. > > Leaving aside the question of whether anyone "weakened" it, is it > true that AES-256 provides comparable security to AES-128?
I may be wrong about this, but if you are talking about the theoretical strength of AES-256, then I am not aware of any attacks against it that come even remotely close to reducing its effective key length to 128 bits. So my answer would be 'no'. But, having said that, I consider the use of AES-256 in place of AES-128 to be driven more by marketing hype than by reality. The theoreticaal strength of modern cryptographic algorithms is the least of our worries in producing practical secure systems. Brian Gladman _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography