2013.01.29 11:07:48 (296197949455749120) from Daniel J. Bernstein, replying to "Claudio Orlandi (@claudiorlandi)" (296183083873468416):
@claudiorlandi The interesting cases are where cryptanalysts and theoreticians make _opposite_ recommendations. Everybody criticizes SSL!
2013.01.24 16:22:07 (294465109613477889) from Daniel J. Bernstein:
Some evidence that "provable security" is negatively correlated with actual security: http://cr.yp.to/talks/2013.01.23/slides.pdf
2013.01.25 15:36:48 (294816091828547584) from "Claudio Orlandi (@claudiorlandi)":
@hashbreaker "structure" might be bad for hashing but how are we going to do secure public key systems without it?
2013.01.26 20:32:34 (295252913574539265) from Daniel J. Bernstein, replying to "Claudio Orlandi (@claudiorlandi)" (294816091828547584):
PK doesn't avoid the issue. Example: No competent cryptanalyst would recommend the Eurocrypt 2009 Hofheinz--Kiltz system. @claudiorlandi
2013.01.29 10:08:44 (296183083873468416) from "Claudio Orlandi (@claudiorlandi)":
@hashbreaker is SSL/TLS better than any key exchange protocol with a proof of security?