[dm-crypt] Latest attacks on AES-256: AES key size

Ulrich Lukas stellplatz-nr.13a at datenparkplatz.de
Sat Aug 1 13:33:30 CEST 2009


regardless of the two requirements of related keys and the reduced
number of rounds in the latest attacks against AES-256, as Bruce
Schneier describes in his blog:


I have a question because Schneier points out that AES-256 uses a
"pretty lousy" key schedule.

In the second to last paragraph, he suggests that people should use
AES-128 instead, which "provides more than enough security margin for
the forseeable future".

My question is, also regarding performance issues, if this should be an
indication for users of dm-crypt, that AES-128 is a better choice than

Does the related-key scenario for the exploit come into play in case
there are storage arrays with multiple dm-crypt volumes?


More information about the dm-crypt mailing list