This does not contain a MAC though, does it? Also why CBC? Why not CTR/GCM instead? And why AES256 instead of Chacha20-Poly1305 or some other modern AEAD?
- GCM unlike CBC is an AEAD mode (has a MAC build-in)
- CBC needs padding, which when misused can lead to padding oracle attacks
- GCM allows for parallel encryption
> And whats wrong with AES256?
There are more modern, faster and better ciphers that are designed to not be vulnerable against many side-channel attacks that AES is difficult to protect against.