[jarfil]

They have a kind of impossible task: to create an encryption standard that will resist attacks carried by supercomputers but will work on as cheap a piece of hardware as possible... and let's make it backwards compatible too.

At some point they have to compromise, and security suffers.

[michaelt]

Isn't "create an encryption standard that will resist attacks by supercomputers but will work on as cheap a piece of hardware as possible" the aim of pretty much every encryption standard ever?

I don't deny it's a big challenge - but it's hardly a unique one.

[nothrabannosir]

I really would hope any sane encryption standard aims to satisfy this requirement. Otherwise why have encryption? Supercomputers are at any tom dick and harry's beck and call these days for a paltry fee.