I'm not in classical crypto, so I occasionally mess up and call algorithms based on computational difficult "based on factoring". The end result is the same though. Publication with delay.
RSA and AES are wildly different animals. You break RSA by factoring very large numbers. Currently this is done with GNFS, which is steadily improving. Theoretically, it may also be possible to do it much faster. Nobody brute forces RSA.
In order to crack AES though you need to either brute force it (which you will never do. Not that many bits, just forget about it.) Or you need a cryptanalytic attack that allows you to do it with reasonable computation and memory complexity. An attack that is currently unknown.
But surely such an attack could conceivably appear.. so what is the difference? The difference is that while RSA is a ticking clock (worse case scenario: slap on another ~256 bits to "factor-able" every 5 to 10 years), AES is only a ticking clock in the sense that we cannot rule out the possibility that one day it may start to tick.
If anyone in the world can crack AES, or will be able to crack AES anytime soon, it's the NSA, And it does not matter to Assange if they can crack it (unless the entire insurance file is a bluff).
AES was and is absolutely the correct choice for an insurance file. (I believe this is about when tptacek steps in, correctly calls me an idiot, and points out that another symmetric key cipher is a better choice.)
I meant worse in the sense of slowest progress. The slowest RSA is going to continue to degrade is pretty much the standard that it has been doing so consistently. Bad wording on my part.
