I don't know cryptopgraphics very well but the data throughput would be
a little better with lower keysize. However with a powerful CPU (maybe
AES-NI instructions included) this wouldn't matter anymore.
As compromise you could choose AES-192 if you need it more secure than
128 bit.
Finally quoted from Bruce Schneiers Blog:
"And for new applications I suggest that people don't use AES-256.
AES-128 provides more than enough security margin for the forseeable
future. But if you're already using AES-256, there's no reason to
change."
Best regards
Robert
Am 25.09.2011 23:17, schrieb Robert Simmons:> I've been reading on Bruce Schneier's blog about key diffusion and
the
> key schedule in AES 256 being poor. Including this, for use in a geli
> encrypted provider, what are the pros and cons of selecting AES 128,
> 192, or 256?
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
"freebsd-security-unsubscribe@freebsd.org"