On 2015-11-30 12:47, Robert Relyea wrote:
I've always found the 128 bit prioritized over 256 a silly
recommendation, I support reordering.
Can you expand on why you think it is silly?
The original thread [1] had a long discussion on this topic. The DJB
batch attack redefines the landscape, but does not address the original
concerns around AES-256 resistance. To me, the main question is to
verify whether AES-256 implementations are at least as resistant as
AES-128 ones, in which case the doubled key size provides a net benefit,
and preferring it is a no-brainer.
[1]
http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg11247.html
- Julien
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
