This is a related-key attack of only theoretical interest at the moment. It is believed that related-key attacks are very hard to stage in applications like SSL/TLS. Some of the NIST SHA-3 candidates, however, seem to use the input data (directly or indirectly) to derive a key for AES. Hash algorithm input data may be related, which may make related-key attacks plausible against those SHA-3 candidates.
The authors have not shown that the attack is effective against AES-128. However, in many real-world applications, such as TLS, AES-256 is still more secure than AES-128.

Best Regards,
Peter Djalaliev

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto