[akira2501]

> but to posit that Aumasson was compromised by a TLA(with no evidence) and that this paper is the result is pure conspiracy thinking.

Except we have some evidence that the NSA has compromised processes in exactly this way before. The OP was just asking a question and suggesting a likely and known mechanism for perfidy, he didn't actually posit that it was true.

[barnabee]

Correct. I have no reason to believe Aumasson was compromised, but it’s certainly happened before that people in similar positions have been.

Regardless of whether there’s a third party with an ulterior motive or it’s (more likely) simply the author’s genuine opinion, the paper “Too Much Crypto” seems ok with limiting the security of cryptography to levels that may not be secure against the most advanced and well-resourced adversaries:

> “But what if your adversary is NSA or Mossad? Won’t they have the computing capabilities to run a 280 attack?” Such a question is irrelevant. If your problem is to protect against such adversaries, the answer is probably not cryptography.”

You may agree with that, too. But it’s quite an opinionated stance and one that I’d expect to see clearly signposted and explained in API docs, and for the more expensive and secure alternative to also be available.

[d-z-m]

There comes a point when "just asking questions" crosses a line into conspiratorial theory crafting. I can ask all kinds of crazy questions, like: "what if the world is run by a species of lizard people who live underground?". In the absence of evidence, it's pointless to debate such things. In general, people should be allergic to thinking in this way. That's not to say that conspiracies never happen, they do. However, it's on you to substantiate your insane claims, it isn't on your interlocutors to prove that they aren't true.