[SAI_Peregrinus]

Yes, I merely want to reiterate as clearly as possible that there's no such algorithm endorsed by NIST. AES is a standard, AES-1024 isn't one of the variants of that standard. For good reason.

Symmetric key sizes larger than 256 bits are pretty much universally snake oil.

[a1369209993]

> Symmetric key sizes larger than 256 bits are pretty much universally snake oil.

512, actually - some symmetric applications are vulnerable to collision or collision-like attacks, and a cosmological-scale attacker can theoretically get up to about 2^308[0] bit operations at current-ish cosmic microwave background temperatures, so 2^256 bit operations is just about plausible in worst case scenario planning.

But 256-bit keys are probably sufficient for any practical application, and that doesn't excuse 1024 anyway.

0:

  You have: log2(1e80 amu c2 / k 3K ln(2)) 
  # (mass of observable universe / landauer limit)
  Definition: 307.99542