encryption algorithm

Robert J. Hansen rjh at sixdemonbag.org
Tue Dec 17 18:02:00 CET 2013

> Why would anyone choose AES-128 instead of something more secure,  
> say AES-256?

"More secure" is sort of ... missing the point.  It's sort of like  
arguing over whether King Kong or Godzilla is better at urban  
destruction.  We choose between ciphers principally based on features  
other than some nebulous concept of 'security', at which we can say  
that all the ciphers are more or less equally secure.

Insofar as why one might be chosen over another, a big reason is  
regulatory compliance.  For instance, a business might be constrained  
by laws or regulations that require 128-bit crypto.  Some regulations  
may require national standards to be used; in this case, a Japanese  
business may be required to use Camellia, while a U.S. business would  
be required to use AES or 3DES.

The other big reason to prefer one over another is comfort.  I've  
audited GnuPG's 3DES code and I'm satisfied that it's correct; I  
haven't audited the other algorithms.  That means I feel more  
comfortable using 3DES.

More information about the Gnupg-users mailing list