On Thu, May 29, 2003 at 12:55:29PM -0400, Derek Atkins wrote:
"Jeroen C. van Gelderen" <jeroen(_at_)vangelderen(_dot_)org> writes:
In fact, there are those who feel safer with AES
at 128 than at256.
[...]
I certainly did not say "less secure", did I? It's certainly
much SLOWER, and certainly is not MORE secure...
Actually it may be more secure; AES-256 has more rounds to offer a
more conservative security margin because the key is longer. If half
of the key is unused, the extra rounds can only help.
So it is either as strong (if AES-128 truly offers 128 bits of
security), or stronger; but not "certainly is not MORE secure..."
Adam