[Lazerbear]

Not sure if this the correct forum, but I scrolled all the way down the page and it said "solutions for just about any issue". I don't need a solution so much as an answer.

I've done some research online into AES, and yet I can't seem to find a reason why AES-512 doesn't exist. Is there a limit to the algorithm's effectivity past a certain key length? I built a cluster this summer, so if it simply an issue with CPU usage, I should be okay. Is there a technical reason why it doesn't exist, or has it just not been made yet? Is this AES-512 exclusive, what about AES-1024?

This is for beginner programmers (which I certainly am), so I hope you can answer my question.

[OmegaZero]

There's nothing particularly special about the values 128, 192, 256 except that a back-of-the-envelope computation shows them to be well beyond what could be brute-forced in the near future.

There's no reason why you couldn't create 512-bit AES. Though you'd have to tweak the algorithm as there's no formal definition for how to handle keys of that size. If you take a look at the spec (http://csrc.nist.gov/publications/fi...7/fips-197.pdf), you can see how it handles the various key sizes in section 5.2 "Key Expansion".

Of course there may be some terrible flaw in 512-bit AES. It wouldn't be studied as heavily as 256-bit AES (if at all) since it isn't being used.

BTW, the Security and Cryptography forum would probably be the best place for questions like this.

[Lazerbear]

Thanks, I heard that with quantum computing and dedicated processors AES-256 wouldn't remain very secure. Might be confused though.