encryption algorithm
Robert J. Hansen
rjh at sixdemonbag.org
Tue Dec 17 18:02:00 CET 2013
> Why would anyone choose AES-128 instead of something more secure,
> say AES-256?
"More secure" is sort of ... missing the point. It's sort of like
arguing over whether King Kong or Godzilla is better at urban
destruction. We choose between ciphers principally based on features
other than some nebulous concept of 'security', at which we can say
that all the ciphers are more or less equally secure.
Insofar as why one might be chosen over another, a big reason is
regulatory compliance. For instance, a business might be constrained
by laws or regulations that require 128-bit crypto. Some regulations
may require national standards to be used; in this case, a Japanese
business may be required to use Camellia, while a U.S. business would
be required to use AES or 3DES.
The other big reason to prefer one over another is comfort. I've
audited GnuPG's 3DES code and I'm satisfied that it's correct; I
haven't audited the other algorithms. That means I feel more
comfortable using 3DES.
More information about the Gnupg-users
mailing list