2017.06.14 22:57:38 (875094905537933312) from Daniel J. Bernstein, replying to "Adam Langley (@agl__)" (875076629214543873):
NIST demanding 2^n preimage security for SHA3-n was always about optics (can't let SHA-2 sound better!), not any legitimate fear or caution.
2017.06.14 21:45:01 (875076629214543873) from "Adam Langley (@agl__)", replying to "Brian Smith (@BRIAN_____)" (875071469511778304):
I think the Wang attacks resulted in excessive fear and caution, making SHA-3 candidates excessively cautious.