[tptacek]

It's not a theoretical attack.

https://news.ycombinator.com/item?id=10713064

[illumen]

The article says:

"We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack."

... which appears wrong, and even published after the other paper?

[detaro]

And the article linked by tptacek (by the same authors) builds on this and shows practical attacks.