The cr.yp.to microblog: 2011.12.04 13:04:49

2011.12.04 13:04:49 (143299717613359104) from Daniel J. Bernstein, replying to "Pascal Junod (@cryptopathe)" (142901230912540674):

@cryptopathe Using standards is "good security practice"? Really? Using standard RSA-512 in 1998? Standard MD5-based certificates in 2008?

Context

2011.12.02 23:31:07 (142732553269424128) from "(@aleks___0)":

"Salsa20 is better than AES" claims in NaCL library http://eprint.iacr.org/2011/646 seem subjective: AES was scrutinized way more than Salsa #crypto

2011.12.03 09:46:28 (142887412547321857) from "Paul Crowley (@ciphergoth)", replying to "(@aleks___0)" (142732553269424128):

@sasha_crypto @cryptopathe Re Salsa20 > AES: Subjective maybe, but I'm inclined to believe it all the same.

2011.12.03 10:41:23 (142901230912540674) from "Pascal Junod (@cryptopathe)", replying to "Paul Crowley (@ciphergoth)" (142887412547321857):

@ciphergoth @sasha_crypto In practice, people tend to use standardized algorithms, which is a good security practice.