Strictly speaking, 112 bits of "security" is "strong" enough. The problem is this is usually measured as the log (base 2) of the number of possible secret keys. It ignores:
- Block size <- YOU ARE HERE
- Cipher mode
- Cipher construction and integrity checks (for non-AEAD modes)
- Key exchange
You can break 256-bit AES if you're using 256-bit classical Diffie-Hellman, for example. "But AES has 256 bits of security!" is somewhat silly to argue in such a hypothetical protocol.
This is one reason why you're better off ignoring PCI-DSS when it comes to cryptography guidelines (aside from maintaining compliance where you have obligations to remain compliant, of course).
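An added illustration of the block-size point above (not part of the original comment): a hypothetical 16-bit-block Feistel cipher with a 256-bit key, run in CBC mode, repeats a ciphertext block after a few hundred blocks, and the repeat reveals the XOR of two plaintext blocks without any knowledge of the key. The toy cipher, the choice of CBC, the constructed key and plaintext, and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import math
import random

BLOCK_BITS = 16                 # toy block size (assumption) so collisions appear quickly
HALF = BLOCK_BITS // 2
MASK = (1 << HALF) - 1

def toy_encrypt_block(key: bytes, block: int) -> int:
    """Hypothetical 4-round Feistel permutation on 16-bit blocks, keyed via HMAC-SHA256."""
    left, right = block >> HALF, block & MASK
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd, right]), hashlib.sha256).digest()[0]
        left, right = right, left ^ f
    return (left << HALF) | right

def first_cbc_collision(key: bytes, plaintext: list, iv: int):
    """CBC-encrypt; return (i, j, ct) for the first repeated ciphertext block.
    ct[0] is the IV and ct[n + 1] is the encryption of plaintext[n]."""
    seen, ct = {}, [iv]
    for n, p in enumerate(plaintext):
        c = toy_encrypt_block(key, p ^ ct[-1])
        ct.append(c)
        if c in seen:
            return seen[c], n, ct
        seen[c] = n
    return None

def blocks_for_half_chance(block_bits: int) -> float:
    """Birthday bound: blocks under one key before a collision is ~50% likely."""
    return math.sqrt(2 * math.log(2)) * 2 ** (block_bits / 2)

def demo():
    key = hashlib.sha256(b"constructed demo key").digest()   # 256-bit key
    rng = random.Random(1)                                    # constructed sample plaintext
    # 2**16 + 1 blocks: pigeonhole guarantees a repeat among 2**16 possible values
    plaintext = [rng.getrandbits(BLOCK_BITS) for _ in range(2 ** BLOCK_BITS + 1)]
    i, j, ct = first_cbc_collision(key, plaintext, iv=0x1234)
    # Equal ciphertext blocks mean equal cipher inputs, so without touching the key:
    leak_holds = plaintext[i] ^ plaintext[j] == ct[i] ^ ct[j]
    return i, j, leak_holds

if __name__ == "__main__":
    i, j, leak_holds = demo()
    print(f"256-bit key, {BLOCK_BITS}-bit block: blocks {i} and {j} collide; XOR leak holds: {leak_holds}")
    for bits in (64, 128):
        print(f"{bits}-bit block: ~{blocks_for_half_chance(bits):.3g} blocks for a 50% collision chance")
```

The same bound puts a 64-bit block at roughly 5 billion blocks (about 40 GB) under one key, which is why data-volume limits and rekeying matter for 64-bit-block ciphers regardless of key length.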