> I remember reading about an attack that works better against AES-256 > than AES-128:
That one's a related-key attack, which requires the attacker to have a significant number of keys that have some mathematical relationship to each other. OpenPGP uses random nonces for symmetric keys (or iterated hashing, which does a pretty good job of destroying mathematical relationships), so this attack is a complete nonissue for OpenPGP. :) > I am not qualified to argue for or against either cipher, but I > wonder if this advice from 2009 is still valid today. The biggest reason, IMO, to move to 256-bit ciphers is because it will hopefully quell the voices who are screaming that 128-bit crypto is somehow insufficient. It's not, and no one has ever presented any serious evidence that it is, but these arguments crop up with great regularity nevertheless.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
