Consider implementing Rijndael-256
paulmillr opened this issue · 0 comments
paulmillr commented
The confidentiality of AES-GCM is far below 128-bit security 1.
Confidentiality advantage for an attacker is <
Rijndael to AES is what keccak is to SHA3: previous, unstandardized version. The idea is to support 256-bit blocks instead of 128-bit blocks of AES.