Hi,

regardless of the two requirements of related keys and the reduced number of rounds in the latest attacks against AES-256, as Bruce Schneier describes in his blog:

http://www.schneier.com/blog/archives/2009/07/another_new_aes.html

I have a question, because Schneier points out that AES-256 uses a "pretty lousy" key schedule. In the second-to-last paragraph, he suggests that people should use AES-128 instead, which "provides more than enough security margin for the foreseeable future".

My question is, also regarding performance issues, whether this should be an indication for users of dm-crypt that AES-128 is a better choice than AES-256. Does the related-key scenario for the exploit come into play in case there are storage arrays with multiple dm-crypt volumes?

Regards,
Ulrich

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt