From 6a0f9031cba6c5826a3f20c5c1fc8ad17b17a8a7 Mon Sep 17 00:00:00 2001
From: Paul Miller <paul@paulmillr.com>
Date: Wed, 18 Dec 2024 16:59:45 +0000
Subject: [PATCH] readme

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 29ec86d..8679fde 100644
--- a/README.md
+++ b/README.md
@@ -319,6 +319,8 @@ If you can't use it, prefer AES-GCM-SIV, or AES-GCM.
 - Don't re-use keys between different protocols
   - For example, using secp256k1 key in AES can be bad
   - Use hkdf or, at least, a hash function to create sub-key instead
+- If you need AES, only use AES-256 for new protocols
+  - For post-quantum security
 
 ### Nonces