The cr.yp.to microblog: 2013.01.16 10:17:28

2013.01.16 10:17:28 (291474239717011456) from Daniel J. Bernstein, replying to "CodesInChaos (@CodesInChaos)" (291231812443848704):

@CodesInChaos @matthew_d_green Submissions for AES, SHA-3, etc. all started out "non standard", "less analyzed", "implemented in few libs".

Context

2013.01.15 16:45:44 (291209561979883521) from "Matthew Green (@matthew_d_green)", replying to "JP Aumasson (@veorq)":

@aumasson So do authenticated modes of operation count as authenticated ciphers?

2013.01.15 17:55:55 (291227225427177473) from Daniel J. Bernstein, replying to "Matthew Green (@matthew_d_green)" (291209561979883521):

@matthew_d_green AES + an AE mode will give you an authenticated cipher, but teaming up with a cipher designer should give better results!

2013.01.15 18:14:09 (291231812443848704) from "CodesInChaos (@CodesInChaos)":

@hashbreaker @matthew_d_green But comes at a high price. You get a non standard, less analyzed primitive that's implemented in few libs.