2020.04.18 01:40:12 (1251294422496505856) from Daniel J. Bernstein, replying to "JP Aumasson (@veorq)" (1251244090928267265):
It's not just "lots". The cryptographic community as a whole systematically flunks @nntaleb's "skin in the game" requirement for risk management. How often do we as cryptographers think that the damage caused by cryptographic failures will make _us_ suffer?
2020.04.18 01:47:09 (1251296168492986368) from Daniel J. Bernstein:
Because we're driven primarily by publications, we have a perverse incentive to screw up again and again and again in supposedly new and exciting ways, so that we can continue writing papers. That's why as a community we keep ignoring users who ask us to be much more careful.
2020.04.18 01:49:05 (1251296656739332096) from Daniel J. Bernstein:
Of course we put _some_ sort of requirements on cryptosystems to control the size of the literature and maintain the prestige of publications, but we have little incentive to match these requirements to what the users want, and we have an incentive _against_ being super-careful.
2020.04.18 01:56:02 (1251298404010876928) from Daniel J. Bernstein:
We blame broken cryptosystems for being broken, and use them as motivation to build new cryptosystems. We refuse to assign any blame to the meta-system that keeps producing, and often deploying, one broken cryptosystem after another. We _want_ the meta-system. It gives us papers.
2020.04.18 02:02:08 (1251299938857713664) from Daniel J. Bernstein:
As a community we systematically refuse to measure and optimize how well we're doing at proactively avoiding errors and protecting users. Avoiding errors would make papers too hard to write. Protecting users would make papers too hard to write. The incentive structure is broken.
2020.04.18 02:10:40 (1251302089847746560) from Daniel J. Bernstein:
Is the problem just crypto papers? No. People specializing in writing crypto standards and people specializing in writing crypto software would also be damaging their own careers if they were as careful as the users wanted. Failure is rewarded by investment.
2020.04.17 22:20:12 (1251244090928267265) from "JP Aumasson (@veorq)":
"Lots of people working in cryptography have no deep concern with real application issues. They are trying to discover things clever enough to write papers about." —Whit Diffie