2013.01.16 10:17:28 (291474239717011456) from Daniel J. Bernstein, replying to "CodesInChaos (@CodesInChaos)" (291231812443848704):
@CodesInChaos @matthew_d_green Submissions for AES, SHA-3, etc. all started out "non standard", "less analyzed", "implemented in few libs".
2013.01.15 16:45:44 (291209561979883521) from "Matthew Green (@matthew_d_green)", replying to "JP Aumasson (@veorq)":
@aumasson So do authenticated modes of operation count as authenticated ciphers?
2013.01.15 17:55:55 (291227225427177473) from Daniel J. Bernstein, replying to "Matthew Green (@matthew_d_green)" (291209561979883521):
@matthew_d_green AES + an AE mode will give you an authenticated cipher, but teaming up with a cipher designer should give better results!
2013.01.15 18:14:09 (291231812443848704) from "CodesInChaos (@CodesInChaos)":
@hashbreaker @matthew_d_green But comes at a high price. You get a non standard, less analyzed primitive that's implemented in few libs.