On Wed, 3 May 2006 17:28:56 -0400, Stephen Kent <kent at bbn.com> wrote: > I'm not a cryptographer, but I generally advise against encouraging > users to employ AES with 256-bit keys. The 256-bit key size is there > primarily as a hedge against the future development of quantum > computers. Since there are some performance costs with the use of big > keys, it seems unnecessary to adopt them at this time. > And even NSA recommends against 192-bit keys, preferring 128 for SECRET and 256 for TOP SECRET. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.