I'm making a digital-asset manager written in ActionScript 3; it will be used to manage highly sensitive information. I'm using the AS3Crypto library (which has quite a good reputation) to implement AES encryption.

When I encrypt data using the AS3Crypto library, using AES-CBC and a 256-bit key, I'm able to successfully decrypt it with PHP/mcrypt using the same key/IV. That is to say, the AS3Crypto implementation seems fine.

When I use a key longer than 256 bits, I'm able to successfully encrypt it and decrypt it with the AS3Crypto library. Changing just 1 character in the key causes the decryption to fail, indicating that the full key is indeed being used, and not truncated to 256 bits. However, when I try to decrypt the ciphertext with mcrypt, it fails (unsurprisingly, as the specification for AES states a maximum key size of 256 bits).

My questions are, taking the below assumptions into consideration, will using a key longer than 256 bits introduce some sort of vulnerability into the encryption? And if not, will using a longer key theoretically increase resistance to brute-force attacks?

Assumptions:

  • I understand that a 256-bit key is sufficiently strong
  • encryption will only take place client-side with the AS3Crypto library, and hence doesn't necessarily need to be compatible with other implementations
  • the key is a string containing random alpha-numeric characters, and is not derived from a PBKDF
  • even if using a key longer than 256 bits is overkill, the extra security that it might offer would be appreciated
hunter

1 Answer

There is no obvious extension of AES for larger key sizes. At best, AS3Crypto may be hashing the key to 256 bits for you, but the risk that AS3Crypto is doing something horribly insecure in that case is astronomically larger than any benefit that you could gain by having a larger key size.

$2^{256}$ is so huge that the only way that it could ever be brute-forced is by finding a significant AES weakness that would likely make all AES key sizes vulnerable in any case.

Even though you currently don't have any need to use anything other than AS3Crypto, that might change and it would be nice not to have a non-standard cipher in place.

Lastly, if you really do want to exceed AES-256 security (and you are probably fooling yourself, as I think you know), you would be better off XORing with a completely different cipher like Salsa20. Tahoe-LAFS (which is written by people who know what they are doing, crypto-wise) has taken this approach as they are aiming for 100 year security: https://tahoe-lafs.org/trac/tahoe-lafs/wiki/OneHundredYearCryptography.

agl
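
As an added example (Python, not AS3Crypto's API and not code from either poster): a strict check that rejects non-standard AES key lengths, plus one way to reduce a longer random alphanumeric string to a standard 256-bit key with SHA-256. The function names and the sample key string are assumptions made for illustration; the entropy helpers show that 32 random alphanumeric characters carry about 190 bits, so 43 are needed to reach 256.

```python
import hashlib
import math
import string

AES_KEY_SIZES = (16, 24, 32)  # bytes: AES defines only 128-, 192- and 256-bit keys
ALPHANUMERIC = string.ascii_letters + string.digits  # 62 symbols

# Constructed sample: 64 alphanumeric characters (512 bits of text), standing in
# for the kind of over-long key string described in the question.
SAMPLE_KEY_STRING = (ALPHANUMERIC * 2)[:64]


def require_aes_key(key: bytes) -> bytes:
    """Refuse any key that is not a standard AES length instead of guessing."""
    if len(key) not in AES_KEY_SIZES:
        raise ValueError(f"AES key must be 16, 24 or 32 bytes, got {len(key)}")
    return key


def entropy_bits(length: int, alphabet_size: int = len(ALPHANUMERIC)) -> float:
    """Entropy of `length` symbols drawn uniformly at random from the alphabet."""
    return length * math.log2(alphabet_size)


def min_length_for(bits: int, alphabet_size: int = len(ALPHANUMERIC)) -> int:
    """Fewest random symbols needed to carry at least `bits` of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))


def derive_aes256_key(key_string: str) -> bytes:
    """Reduce key material of any length to a standard 256-bit AES key.

    Assumption: key_string is uniformly random, not a password; a password
    would need a slow KDF rather than a single hash.
    """
    if not key_string or any(c not in ALPHANUMERIC for c in key_string):
        raise ValueError("expected a non-empty alphanumeric key string")
    return require_aes_key(hashlib.sha256(key_string.encode("ascii")).digest())


if __name__ == "__main__":
    print(f"32 chars: {entropy_bits(32):.1f} bits")
    print(f"chars for 256 bits: {min_length_for(256)}")
    print(derive_aes256_key(SAMPLE_KEY_STRING).hex())
```

The 32-byte output works with any standard AES-256 implementation, so the ciphertext stays decryptable outside a single library.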