Thanks, and yes, you’re right that there has been a break published against AES, as you say, in the academic sense. There are also various breaks against reduced round versions. There is still no practical attack published. The text you refer to starts with:
“Breaking a cipher doesn’t necessarily mean finding a practical way for an eavesdropper to recover the plaintext from just the ciphertext”.
The problem here is that even cryptographers do not have a precise vocabulary to distinguish various levels of breaks. I personally tend to use the term “break” in context to describe the break. I.e. “There’s a break against AES in all versions reducing the complexity by 2-3 bits”. When I use the term “broken”, with this I mean that the algorithm is entirely compromised and considered unsafe.
I find it very unintuitive and misleading to state that since there’s a break against AES reducing the complexity by a few bits, AES is broken. Therefore I protest against such a statement when it’s not carefully qualified to explain just what parts or to what extent it is broken.
Still, I will certainly agree that in the long run there are some indications that AES might indeed become unsafe one day, since there are several published weaknesses found, even if no practical attack has yet been published. As you quote Bruce Schneier, I’ll have to do the same: “Attacks never get worse, they only get better”. (more or less, it’s from memory).
Thanks for good input! But remember, most readers of these posts are not cryptographically knowledgeable – or even interested. They just want to know the simplest answer to the question “Is AxCrypt safe?”. I know, and obviously you do too, that there’s no really simple answer like “yes” or “no” to that question. But we have to try to give as good and as simple answers as possible.