[dm-crypt] Latest attacks on AES-256: AES key size

Ulrich Lukas stellplatz-nr.13a at datenparkplatz.de
Sat Aug 1 13:33:30 CEST 2009


Hi,


regardless of the two requirements of related keys and the reduced
number of rounds in the latest attacks against AES-256, as Bruce
Schneier describes in his blog:

http://www.schneier.com/blog/archives/2009/07/another_new_aes.html

I have a question because Schneier points out that AES-256 uses a
"pretty lousy" key schedule.

In the second to last paragraph, he suggests that people should use
AES-128 instead, which "provides more than enough security margin for
the forseeable future".


My question is, also regarding performance issues, if this should be an
indication for users of dm-crypt, that AES-128 is a better choice than
AES-256.

Does the related-key scenario for the exploit come into play in case
there are storage arrays with multiple dm-crypt volumes?


Regards,
Ulrich


More information about the dm-crypt mailing list