what is the difference between the decoding time for aes 128/192/256, is aes192 / 256 too paranoid?


given this supercomputer : http://en.wikipedia.org/wiki/Tianhe-1A - that is no.1 at TOP500, operating at 2.5 petaFLOPS, how long it would take on average to decrypt properly encoded (that is with random password) string in these three ciphers ?

A bruteforce attack in the key space on even AES128 isn't currently feasible. But as security is only as strong as the weakest part of it, you usually attack the password which almost always has an entropy much smaller than the keysize.

You can't encode based on a password with raw AES. AES uses a key.

You first need to derive a key from the password, and this step is crucial to the security. Typically you use a password-based-key-derivation-function such as PBKDF2 to derive the key from the password. You need to use a random salt and an appropriate number of iterations.

And of course the password entropy is very important. An attacker will first try dictionary words and their variations and then continue on to brute forcing short passwords. How fast this is depends on the number of iterations of your key derivation.