|
|
|
|
|
|
by chowells
457 days ago
|
|
|
The problem is that no commonly-used symmetric cipher has been studied nearly as heavily with larger keys. 128 bits for a symmetric cipher is enough for all practical purposes barring a cryptographic break, and it gives the best performance. Their constructions aren't so trivial that you can just extend the existing study to larger key sizes mechanically. Using larger key sizes basically means using new ciphers. Unstudied ciphers. It's much more conservative on your novelty budget to use a well-studied 128-bit cipher along with a well-studied key derivation function. In cryptography, you really should be as conservative as possible with your novelty budget. |
|
|