I watched the CCC video and I understand that he found a security flaw that makes it less secure that appears, but it still takes as long to brute force as AES 128, right? So by "practical" he lowered the brute force by a lot, but still not enough to realistically brute force it. It would have been nice if he mentioned the naive key space and what he reduced it to.