From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by mail.saout.de (Postfix) with ESMTP id BFF009031 for ; Sat, 1 Aug 2009 13:33:36 +0200 (CEST) Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uSV2jUYH5we1 for ; Sat, 1 Aug 2009 13:33:32 +0200 (CEST) Received: from dd2934.kasserver.com (dd2934.kasserver.com [85.13.129.136]) by mail.saout.de (Postfix) with ESMTP for ; Sat, 1 Aug 2009 13:33:31 +0200 (CEST) Received: from [192.168.0.202] (p4FDDF458.dip.t-dialin.net [79.221.244.88]) by dd2934.kasserver.com (Postfix) with ESMTP id 252081807CF0F for ; Sat, 1 Aug 2009 13:33:33 +0200 (CEST) Message-ID: <4A74280A.50403@datenparkplatz.de> Date: Sat, 01 Aug 2009 13:33:30 +0200 From: Ulrich Lukas MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Subject: [dm-crypt] Latest attacks on AES-256: AES key size List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Hi, regardless of the two requirements of related keys and the reduced number of rounds in the latest attacks against AES-256, as Bruce Schneier describes in his blog: http://www.schneier.com/blog/archives/2009/07/another_new_aes.html I have a question because Schneier points out that AES-256 uses a "pretty lousy" key schedule. In the second to last paragraph, he suggests that people should use AES-128 instead, which "provides more than enough security margin for the forseeable future". My question is, also regarding performance issues, if this should be an indication for users of dm-crypt, that AES-128 is a better choice than AES-256. Does the related-key scenario for the exploit come into play in case there are storage arrays with multiple dm-crypt volumes? Regards, Ulrich