[Info-vax] BridgeWorks
Michael S
already5chosen at yahoo.com
Tue Jul 23 07:52:35 EDT 2024
On Mon, 22 Jul 2024 22:55:35 -0400
Arne Vajhøj <arne at vajhoej.dk> wrote:
> On 7/22/2024 10:41 PM, Lawrence D'Oliveiro wrote:
> > On Mon, 22 Jul 2024 21:17:57 -0500, Grant Taylor wrote:
> >> The difference is that we've gotten a lot better at breaking AES.
> >
> > What advances have been made on that score?
>
> I think it was a hypothetical scenario.
>
> > The original recommendation was to stick with AES-128, and not
> > bother with AES-192 or AES-256; as far as I know that hasn’t
> > changed.
>
> People should use AES-256 today - not AES-128.
>
> AES-128 is toast if/when they make a quantum computer with
> enough qubits. AES-256 is good.
>
> Arne
>
It does not sound right.
We can be sufficiently sure that a quantum computer capable of breaking
AES128 in, say, less than 10 years of compute time is not going to be
built in the next 50 years.
On the other hand, there exists a non-negligible chance that a quantum
computer capable of breaking at least one of today's popular key
exchange algorithms will be built in the next 20-25 years. And that would
affect all protocols that use the broken key exchange regardless of the
robustness of the underlying symmetric cipher - AES256 would fare no better
than ancient DES.
If you believe in the quantum threat, you should care first and foremost
about the key exchange part of your solution. The symmetric part, assuming
that it's AES128 or better, is safe.
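The point made above (a broken key exchange makes the symmetric key length irrelevant), as an added example that is not part of the original thread: a toy Diffie-Hellman group over a tiny constructed prime, where an exhaustive discrete-log search stands in for Shor's algorithm, and a SHA-256 keystream stands in for the symmetric cipher. The private exponents, salt and plaintext are constructed for the demo.

```python
import hashlib
import hmac

# Toy Diffie-Hellman group, constructed for this demo only: the prime is tiny so
# an exhaustive discrete-log search (playing the role of Shor) finishes instantly.
P = 104729  # small prime
G = 2

def dh_public(priv: int) -> int:
    return pow(G, priv, P)

def dh_shared(priv: int, peer_pub: int) -> int:
    return pow(peer_pub, priv, P)

def derive_key(shared: int, key_bits: int) -> bytes:
    """HKDF-style extract; key_bits is the only place cipher strength enters."""
    prk = hmac.new(b"demo-salt", shared.to_bytes(4, "big"), hashlib.sha256).digest()
    return prk[: key_bits // 8]

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: SHA-256 counter-mode keystream XOR (symmetric)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(d ^ k for d, k in zip(data[i:i + 32], block))
    return bytes(out)

def brute_force_dlog(pub: int) -> int:
    """Find x with G^x == pub (mod P) by trying every exponent."""
    x = 1
    for k in range(P):
        if x == pub:
            return k
        x = (x * G) % P
    raise ValueError("no discrete log found")

def eavesdropper_recovers_plaintext(key_bits: int) -> bool:
    """One session with a key_bits-bit symmetric key (56 for DES, 128 or 256
    for AES); True if an eavesdropper who only solves the DH discrete log
    can read the traffic. The key length never changes the outcome."""
    alice_priv, bob_priv = 12345, 54321  # constructed secrets
    alice_pub, bob_pub = dh_public(alice_priv), dh_public(bob_priv)
    key = derive_key(dh_shared(alice_priv, bob_pub), key_bits)
    ciphertext = keystream_xor(key, b"hello info-vax")
    # The attacker observed only alice_pub, bob_pub and ciphertext.
    recovered_priv = brute_force_dlog(alice_pub)
    recovered_key = derive_key(dh_shared(recovered_priv, bob_pub), key_bits)
    return keystream_xor(recovered_key, ciphertext) == b"hello info-vax"
```

Calling `eavesdropper_recovers_plaintext` with 56, 128 and 256 returns True each time; the defence is a key exchange the attacker cannot solve, not a longer symmetric key.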