c# - Are the AES legal key sizes really the limit? -

the aescryptoserviceprovider.legalkeysizes field shows allowed sizes in bits.

however don't understand if true, how able utilise 2048 bit key length (256 bytes)?

i suppose real question is, key produced size requested (larger max 32 byte), first 32 bytes (256 bits) taken in encryption/decryption process, rendering larger key size waste of space?

i don't know if there way of telling what's exposed in api...

any thoughts? maybe i'm looking @ in wrong way?

aes can used 3 key sizes: 128, 192 , 256 bit keys. if able use larger keys 256 bit, library "lying you" i.e. bits of larger key discarded or compressed somehow. instance php mcrypt cuts size of key down largest possible size.

larger key "seeds" rather common in world of cryptography. instance diffie-hellman - key agreement algorithm - generates secret larger key size required. question of extracting (concentrating) amount of entropy in key arises. if bits truncated entropy in bits discarded.

so used in modern cryptography kdf, key derivation function. if input - seed - password, should utilize pbkdf (password based kdf). modern pbkdf's pbkdf2, bcrypt, scrypt , argon2.

if input key - data provides enough entropy (randomness) if taken - should utilize kbkdf (key based kdf). modern kbkdf instance hkdf. note these algorithms require additional input, if no additional data provided key bits ignored.

the cryptographic strength of aes-128 , stays 128 bits of course. long these bits indistinguishable random attacker, aes-128 should provide enough security practical needs. aes-256 used if fear breakthroughs in quantum cryptography.

---

so answer: "are aes legal key sizes limit?" answer resounding yes. 2048 bit key sizes more commonly found asymmetric algorithms such rsa / dsa. rsa , dsa key size rather low, though should still out of reach practical attacks. maybe ciphertext encrypted using hybrid encryption.