2013.01.26 22:00:11 (295274960048504832) from Daniel J. Bernstein, replying to "Bert Hubert πΊπ¦ (@bert_hu_bert)" (295270488794595329):
Cryptanalytic attention is by far our best hope for figuring out which crypto is secure. @PowerDNS_Bert @justintroutman @matthew_d_green
2013.01.25 13:52:36 (294789871501996032) from "Matthew Green (@matthew_d_green)":
New blog: 'In defense of provable security', on @hashbreaker's recent comments. http://blog.cryptographyengineering.com/2013/01/in-defense-of-provable-security.html
2013.01.26 04:57:25 (295017575463673856) from "Justin Troutman (@justintroutman)", replying to "Matthew Green (@matthew_d_green)" (294789871501996032):
@matthew_d_green @hashbreaker Does it make sense to describe provable security as linking the security of a new design to an old problem?
2013.01.26 20:50:26 (295257409667076097) from Daniel J. Bernstein, replying to "Justin Troutman (@justintroutman)" (295017575463673856):
The pursuit of such a link encourages designers to add structure. Often the same structure helps attackers! @justintroutman @matthew_d_green
2013.01.26 21:42:25 (295270488794595329) from "Bert Hubert πΊπ¦ (@bert_hu_bert)":
@hashbreaker @justintroutman @matthew_d_green I see how provable security helps the attacker. But what is the alternative? Defense in depth?