* [dm-crypt] Latest attacks on AES-256: AES key size
@ 2009-08-01 11:33 Ulrich Lukas
0 siblings, 0 replies; only message in thread
From: Ulrich Lukas @ 2009-08-01 11:33 UTC (permalink / raw)
To: dm-crypt
Hi,
regardless of the two requirements of related keys and the reduced
number of rounds in the latest attacks against AES-256, as Bruce
Schneier describes in his blog:
http://www.schneier.com/blog/archives/2009/07/another_new_aes.html
I have a question because Schneier points out that AES-256 uses a
"pretty lousy" key schedule.
In the second to last paragraph, he suggests that people should use
AES-128 instead, which "provides more than enough security margin for
the forseeable future".
My question is, also regarding performance issues, if this should be an
indication for users of dm-crypt, that AES-128 is a better choice than
AES-256.
Does the related-key scenario for the exploit come into play in case
there are storage arrays with multiple dm-crypt volumes?
Regards,
Ulrich
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2009-08-01 11:33 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-08-01 11:33 [dm-crypt] Latest attacks on AES-256: AES key size Ulrich Lukas
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox