Answer by Joachim Strömbergson for Is AES-256 weaker than 192 and 128 bit...
It might be worth pointing out that the Boomerang attack by Alex Biryukov and Dmitry Khovratovich requires four keys. Some of the older related key attacks required $2^{35}$ keys, which makes the...
View ArticleAnswer by D.W. for Is AES-256 weaker than 192 and 128 bit versions?
No. AES-256 is not weaker than AES-128. Absolutely not. And I disagree with the the advice that you should avoid AES-256.The attack against AES-256 is a related-key attack, which is irrelevant to most...
View ArticleAnswer by Christian Forler for Is AES-256 weaker than 192 and 128 bit versions?
This depends on security notions. On the one hand, consideringrelated-key scenarios AES-256 is weaker then AES, since Biryukov andKhovratovich introduced a related key attack that has $2^{99.5}$...
View ArticleAnswer by Thomas Pornin for Is AES-256 weaker than 192 and 128 bit versions?
AES is an algorithm which is split into several internal rounds, and each round needs a specific 128-bit subkey (and an extra subkey is needed at the end). In an ideal world, the 11/13/15 subkeys would...
View ArticleAnswer by iivel for Is AES-256 weaker than 192 and 128 bit versions?
Asked and answered on server fault. https://serverfault.com/questions/51895/are-128-and-256bit-aes-encryption-considered-weakThe follow-up sentence to your bold point though is:And for new applications...
View ArticleIs AES-256 weaker than 192 and 128 bit versions?
From a paper via Schneier on Security's Another AES Attack (emphasis mine):In the case of AES-128, there is no known attack which is faster than the 2128 complexity of exhaustive search. However,...
View Article