From owner-freebsd-security@FreeBSD.ORG Mon Sep 26 07:00:16 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D80E21065670 for ; Mon, 26 Sep 2011 07:00:13 +0000 (UTC) (envelope-from webmaster@n-o-x.org) Received: from bsdmail.vps001.root-1.eu (mpkfa.info [188.40.228.60]) by mx1.freebsd.org (Postfix) with ESMTP id 2B9218FC0A for ; Mon, 26 Sep 2011 07:00:12 +0000 (UTC) Received: from bsdmail.vps001.root-1.eu (bsdmail [10.0.0.4]) by bsdmail.vps001.root-1.eu (Postfix) with ESMTP id 6623822848F for ; Mon, 26 Sep 2011 08:40:19 +0200 (CEST) Received: by bsdmail.vps001.root-1.eu (Postfix, from userid 65534) id 48AF3229535; Mon, 26 Sep 2011 08:40:19 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on bsdmail.dyndns.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=4.0 tests=ALL_TRUSTED autolearn=ham version=3.3.2 Received: from [192.168.2.115] (p54A8CECE.dip.t-dialin.net [84.168.206.206]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: webmaster@n-o-x.org) by bsdmail.vps001.root-1.eu (Postfix) with ESMTPSA id 1A98522848F for ; Mon, 26 Sep 2011 08:40:17 +0200 (CEST) Message-ID: <4E801E4F.8040202@n-o-x.org> Date: Mon, 26 Sep 2011 08:40:15 +0200 From: webmaster User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2 MIME-Version: 1.0 To: freebsd-security@freebsd.org References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV Subject: Re: Which AES to use? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Sep 2011 07:00:16 -0000 I don't know cryptopgraphics very well but the data throughput would be a little better with lower keysize. However with a powerful CPU (maybe AES-NI instructions included) this wouldn't matter anymore. As compromise you could choose AES-192 if you need it more secure than 128 bit. Finally quoted from Bruce Schneiers Blog: "And for new applications I suggest that people don't use AES-256. AES-128 provides more than enough security margin for the forseeable future. But if you're already using AES-256, there's no reason to change." Best regards Robert Am 25.09.2011 23:17, schrieb Robert Simmons: > I've been reading on Bruce Schneier's blog about key diffusion and the > key schedule in AES 256 being poor. Including this, for use in a geli > encrypted provider, what are the pros and cons of selecting AES 128, > 192, or 256? > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"