Subject: Re: BridgeWorks
From: already5chosen (at) *nospam* yahoo.com (Michael S)
Newsgroups: comp.os.vms
Date: 23. Jul 2024, 12:52:35
Organization: A noiseless patient Spider
Message-ID: <20240723145235.00000948@yahoo.com>
User-Agent: Claws Mail 3.19.1 (GTK+ 2.24.33; x86_64-w64-mingw32)
On Mon, 22 Jul 2024 22:55:35 -0400
Arne Vajhøj <arne@vajhoej.dk> wrote:

> On 7/22/2024 10:41 PM, Lawrence D'Oliveiro wrote:
>> On Mon, 22 Jul 2024 21:17:57 -0500, Grant Taylor wrote:
>>> The difference is that we've gotten a lot better at breaking AES.
>>
>> What advances have been made on that score?
>
> I think it was a hypothetical scenario.
>
>> The original recommendation was to stick with AES-128, and not
>> bother with AES-192 or AES-256; as far as I know that hasn't
>> changed.
>
> People should use AES-256 today - not AES-128.
>
> AES-128 is toast if/when they make a quantum computer with
> enough qubits. AES-256 is good.
>
> Arne
It does not sound right.

We can be sufficiently sure that a quantum computer capable of breaking
AES128 in, say, less than 10 years of compute time is not going to be
built in the next 50 years.

On the other hand, there exists a non-negligible chance that a quantum
computer capable of breaking at least one of today's popular key
exchange algorithms will be built in the next 20-25 years. And that would
affect all protocols that use the broken key exchange, regardless of the
robustness of the underlying symmetric cipher - AES256 would fare no better
than ancient DES.

If you believe in the quantum threat, you should care first and foremost
about the key exchange part of your solution. The symmetric part, assuming
that it's AES128 or better, is safe.