AES is often used in conjunction with IPSec-VPNs.
K.U. Leuven, Belgium; Microsoft Research Redmond, USA; ENS Paris and Chaire France Telecom, France
Abstract.
Since Rijndael was chosen as the Advanced Encryption Standard, improving upon 7-round attacks on the 128-bit key variant or upon 8-round attacks on the 192/256-bit key variants has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a decade. In this paper we present a novel technique of block cipher cryptanalysis with bicliques, which leads to the following results:
  • The first key recovery attack on the full AES-128 with computational complexity 2^126.1
  • The first key recovery attack on the full AES-192 with computational complexity 2^189.7
  • The first key recovery attack on the full AES-256 with computational complexity 2^254.4
  • Attacks with lower complexity on the reduced-round versions of AES not considered before, including an attack on 8-round AES-128 with complexity 2^124.9
  • Preimage attacks on compression functions based on the full AES versions.
In contrast to most shortcut attacks on AES variants, we do not need to assume related-keys.
Most of our attacks only need a very small part of the codebook and have small memory requirements, and are practically verified to a large extent.
As our attacks are of high computational complexity (meaning only someone with access to a datacenter and unlimited electricity can do them), they do not threaten the practical use of AES in any way.
Keywords: block ciphers, bicliques, AES, key recovery, preimage
Source: http://www.webcitation.org/68GTcKdoD?url=http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf
mirror: Biclique Cryptanalysis of the Full AES, Andrey Bogdanov, Dmitry Khovratovich and Christian Rechberger, aesbc.pdf

now the joke:

according to Wikipedia AES DOES NOT SUPPORT KEYS LARGER THAN 256 BIT 😀 (you must be kidding me 😀 I did generate 8192-bit SSH keys… yes it took a while but you can use it! no problem!)
https://crypto.stackexchange.com/questions/20253/why-we-cant-implement-aes-512-key-size
admin