Svante, my remarks aren’t contradictory – I’m using the term “broken” in the correct, academic and cryptographic sense.
If a cipher can be broken with anything less than exhaustive key search, which AES can, then it’s considered broken. That doesn’t mean that it’s no good.
The AES biclique attack, from a very reputable source, proves this.
Also, see this.
Here are Bruce Schneier’s remarks:
“Breaking a cipher simply means finding a weakness in the cipher that can be exploited with a complexity less than brute force. Never mind that brute-force might require 2128 encryptions; an attack requiring 2110 encryptions would be considered a break…simply put, a break can just be a certificational weakness: evidence that the cipher does not perform as advertised.”
If his comments aren’t reputable then I don’t know whose are.