René Puls rpuls at
Tue Mar 17 22:23:24 CET 2015

On Tue, 17 Mar 2015 15:44:47 -0400 Robert J. Hansen wrote:
> [*] As I read the tea leaves, I'm more convinced of AES256's long-term
> strength than I am of AES128's.  However, the idea that either one of
> them is somehow 'weak' is just ludicrous.  If you use AES128, don't
> panic.  :)

I remember reading about an attack that works better against AES-256
than AES-128:

Bruce Schneier wrote:

> And for new applications I suggest that people don't use AES-256.
> AES-128 provides more than enough security margin for the forseeable
> future. But if you're already using AES-256, there's no reason to
> change.

I am not qualified to argue for or against either cipher, but I wonder
if this advice from 2009 is still valid today.


More information about the Gnupg-users mailing list