[dm-crypt] Latest attacks on AES-256: AES key size
stellplatz-nr.13a at datenparkplatz.de
Sat Aug 1 13:33:30 CEST 2009
regardless of the two requirements of related keys and the reduced
number of rounds in the latest attacks against AES-256, as Bruce
Schneier describes in his blog:
I have a question because Schneier points out that AES-256 uses a
"pretty lousy" key schedule.
In the second to last paragraph, he suggests that people should use
AES-128 instead, which "provides more than enough security margin for
the forseeable future".
My question is, also regarding performance issues, if this should be an
indication for users of dm-crypt, that AES-128 is a better choice than
Does the related-key scenario for the exploit come into play in case
there are storage arrays with multiple dm-crypt volumes?
More information about the dm-crypt