Hellooooooooooo... (It's been pretty quiet here).
I would like to propose an increment to Rijndael's keySize as recommended in Practical Cryptography. From Chapter 4, section 5.8 (p. 65):
"A 128-bit key would be great except for one problem: collision attacks. Time and time again we find systems that can be attacked by a birthday attack or a meet-in-the-middle attack. We know these attacks exist." ... "Design rule 3. For a security level of n bits, every cryptographic value should be at least 2n bits long." ... "For 128-bit security we really want to use a block cipher witha block size of 256 bits, but all the common block ciphers have a block size of 128 bits." ... "Still, at least we can use the large keys that all AES candidate block ciphers support. Therefore: use 256-bit keys!"
(I hope I don't get in trouble for quoting this much text).
Furthermore, later on in chapter 22 about securing long-term secrets with passphrases, it recommends to "salt and stretch" the passphrase to a 256-bit value and use that to encrypt your secrets (i.e., keyring). The only way Rijndael can do is with a keySize of 256 bits.
If anyone objects, please let me know, otherwise I will post this change in the near future.
Thanks, Chris