Why would anyone choose AES-128 instead of something more secure, say AES-256?
"More secure" is sort of ... missing the point. It's sort of like arguing over whether King Kong or Godzilla is better at urban destruction. We choose between ciphers principally based on features other than some nebulous concept of 'security', at which we can say that all the ciphers are more or less equally secure.
Insofar as why one might be chosen over another, a big reason is regulatory compliance. For instance, a business might be constrained by laws or regulations that require 128-bit crypto. Some regulations may require national standards to be used; in this case, a Japanese business may be required to use Camellia, while a U.S. business would be required to use AES or 3DES.
The other big reason to prefer one over another is comfort. I've audited GnuPG's 3DES code and I'm satisfied that it's correct; I haven't audited the other algorithms. That means I feel more comfortable using 3DES.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users