On Monday, July 1, 2019 7:42 PM, Christoph Anton Mitterer <calestyo@xxxxxxxxxxxx> wrote: > On Sun, 2019-06-30 at 11:00 +0200, Milan Broz wrote: > > > IMO the problem is that the winner will get more attraction > > (both from the implementation side as accelerations, but also > > some analysis). I think this will not happen with the variants. > > Haven't we had in the past some (non-real-world) "attacks" on AES which > affects either only AES128 or 256? > > It's as you've said in that one mail you've referenced... there's often > more analysis on alogs which are actually used(usable) somewhere... > which however also means, if implementations focus only on one single > algorithm (arguably the two are the same alog, just different sizes) > there is no fall back ready if anything should ever been suddenly found > in that single algo. > AEGIS128, AEGIS256, and AEGIS128L are all different algos, see: https://lore.kernel.org/linux-crypto/CAEX_ruEDA9ZG+6aA_jTBSq-MM=pOrdxoJA2x0LPF3dkYk76kCQ@xxxxxxxxxxxxxx/ Jordan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
