The cr.yp.to microblog: 2011.12.05 13:44:24

2011.12.05 13:44:24 (143672065042558976) from Daniel J. Bernstein, replying to "Pascal Junod (@cryptopathe)" (143590460747821056):

@cryptopathe Let's try an example: the new DTLS security disaster in both OpenSSL and GnuTLS. Do you recommend using DTLS? It's a standard!

Context

2011.12.03 09:46:28 (142887412547321857) from "Paul Crowley (@ciphergoth)", replying to "(@aleks___0)" (142732553269424128):

@sasha_crypto @cryptopathe Re Salsa20 > AES: Subjective maybe, but I'm inclined to believe it all the same.

2011.12.03 10:41:23 (142901230912540674) from "Pascal Junod (@cryptopathe)", replying to "Paul Crowley (@ciphergoth)" (142887412547321857):

@ciphergoth @sasha_crypto In practice, people tend to use standardized algorithms, which is a good security practice.

2011.12.04 13:04:49 (143299717613359104) from Daniel J. Bernstein, replying to "Pascal Junod (@cryptopathe)" (142901230912540674):

@cryptopathe Using standards is "good security practice"? Really? Using standard RSA-512 in 1998? Standard MD5-based certificates in 2008?

2011.12.05 08:20:08 (143590460747821056) from "Pascal Junod (@cryptopathe)":

@hashbreaker Do you recommend *not* using RSA-OAEP, RSA-PSS, AES, ECDSA, ECDH, TLS, SHA2 because of security concerns?