On Tue, Jul 02, 2019 at 12:18:52 CEST, Jordan Glover wrote: > On Monday, July 1, 2019 7:42 PM, Christoph Anton Mitterer <calestyo@xxxxxxxxxxxx> wrote: > > > On Sun, 2019-06-30 at 11:00 +0200, Milan Broz wrote: > > > > > IMO the problem is that the winner will get more attraction > > > (both from the implementation side as accelerations, but also > > > some analysis). I think this will not happen with the variants. > > > > Haven't we had in the past some (non-real-world) "attacks" on AES which > > affects either only AES128 or 256? We have seen some key-shortening that was a lot worse for AES-256 due to a worse key-schedule, but they have no real-world impact. If you know something I missed and there is something worse, I would appreciate a pointer. Real world "absolute security" is somewhere around 80...100 bit of effective key lenght and that is against known-plaintext, i.e. the absolute easiest attack possible. Regards, Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
