I "strongly suggest" everyone drops NIST's encryption standards as soon as there are viable alternatives to them. They can't be trusted ever again, and it's best to form another truly international security standards body, anyway, with ties to no government.
And how do you know the "independent" organization that comes up with the next encryption standard wasn't covertly influenced or controlled by a hostile entity[1]?
Public scrutiny and peer review are the best defenses, and the NIST did as much.
[1] IMHO, I'm far more concerned about China and Russia then the US.
This. Seriously, their algorithms and mathematics are public and under constant scrutiny from the entire crytographic community. The vulnerabilities in RSA are known, sha already has a third version ready if a systemic weakness in 128->512 bit sha1/2 is revealed, and AES may require 512 bit keys for guaranteed security in the future, but seems solid.
They can't backdoor a math function because all 3 have been implemented by dozens of libraries and programs independently.
AES is only defined for 128, 192, or 256 bit keys. You'd need to switch to a different block cipher like Blowfish (up to 448 bit keys), RC2 (up to 1024 bit keys), or RC5 (up to 2048 bit keys) to have a larger keyspace.
If Bruce Schneier thinks that strong symmetric crypto works (the math behind it is sound) I think I will also trust it.
The attacks are usually on the implementations or subverting the rng. Or plain old thermorectal cryptoanalysis - it obtains both symmetrical and asymmetrical keys in fixed time.
