[Cryptography Team] Rijndael class>>#keySize

[Chris Muller]

Hellooooooooooo...  (It's been pretty quiet here).
 
 I would like to propose an increment to Rijndael's keySize as recommended in Practical Cryptography.  From Chapter 4, section 5.8 (p. 65):
 
     "A 128-bit key would be great except for one problem:  collision attacks.  Time and time again we find systems that can be attacked by a birthday attack or a meet-in-the-middle attack.  We know these attacks exist."
 ...
     "Design rule 3.  For a security level of n bits, every cryptographic value should be at least 2n bits long."
 ...
     "For 128-bit security we really want to use a block cipher witha block size of 256 bits, but all the common block ciphers have a block size of 128 bits."
 ...
     "Still, at least we can use the large keys that all AES candidate block ciphers support.  Therefore:  use 256-bit keys!"
 
 (I hope I don't get in trouble for quoting this much text).
 
 Furthermore, later on in chapter 22 about securing long-term secrets with passphrases, it recommends to "salt and stretch" the passphrase to a 256-bit value and use that to encrypt your secrets (i.e., keyring).  The only way Rijndael can do is with a keySize of 256 bits.
 
 If anyone objects, please let me know, otherwise I will post this change in the near future.
 
 Thanks,
   Chris