To me this is the worst sort of journalism - couched in neutral language, it's an editorial piece disguised as a 'facts' piece.
Facts - DJB, largely right, at times a decade+ early, is fighting with standards boards. He does not believe the NSA has come off their long-standing approach to keep industry cryptography protocols weaker than five eyes cryptanalysis tools. The NSA's former employees, in the chain of command at the standards board, disagree with this characterization, and offer no proof to the contrary (if such a thing were possible).
Put another way, just because DJB is paranoid and coming across as strident right now does not mean he's wrong.
We really benefitted globally in the late 1990s from the cypherpunk movement getting legal coverage; the anti-government hacker mentality and culture that formed when writing about cryptography was mostly illegal, when allowed to publish and deliver to industry, brought real safety to billions of humans through better cryptographic protocols. Unfortunately, I'm not aware of an area where that same ethos is alive right now - in this way DJB's a dinosaur - and people a generation younger than him don't understand where he came from, and in this case, I think, don't understand how to use his viewpoint as a way to assess the world. It's not the only viewpoint, but it's an extremely useful one.
Not only that, it's a viewpoint that has asymmetric benefit - if he's wrong, well then, we just added a little useful safety. If he's right, then, thank God someone did something about it.
This reads very LLM-y, misses huge chunks of the story (multiple paragraphs on "clamping" and static ECDH, a single line on Ristretto and nothing on signature schemes, which is where that matters), has a breathless tone about Chapoly and Nacl that is totally unwarranted, misses almost all the NIST PQC drama, most of which was not in fact about hybrid cryptography, and in the end doesn't offer any analysis, just this bad re-telling.
My guess is someone had this generated as part of some dumb pressure campaign. It's weird.
(It's funny that people are chiming in to call this a "hit piece"; if anything, it's twisting itself into pretzels to be charitable to Bernstein's IETF involvement. I assume whoever generated it supports him.)
Going a bit meta - this blog seems strange as its only other story is criticizing a member of the go community. The OP has posted this story, done so twice (first time was flagged) and has no other comments on HN.
There may also be a downvote brigade in this comment section.
I think this must be a bit. On the one hand you have this story about Bernstein, someone who has made a pastime out of weaponizing process in consensus organizations to drag progress to a halt when he's failed to coerce his preferred outcome; on the other hand you have a story villainizing Filippo Valsorda for not doing that, and avoiding standards organizations altogether.
I first encountered djb's work back in the 90's with qmail and djbdns, where he took a very different and compartmentalized approach to the more common monolithic tooling for running email and DNS. I'd even opine that the structure of these programs are direct ancestors to modern microservice architectures, except using unix stdio and other unix isolation mechanisms.
He's definitely opinionated, and I can understand people being annoyed with someone who is vociferous in their disagreement and questioning the motives of others, but given the occasional bad faith and subversion we see by large organizations in the cryptography space, it's nice to have someone hypervigilant in that area.
I generally think that if djb thinks something is OK in terms of cryptograpy, it's passed a very high analytical bar.
> the way he went about it — the accusatory tone, the refusal to compromise or even acknowledge that others might simply have honest differing opinions
...is entirely familiar and not a recent phenomena. He dismissed me as a "BIND company shill" during an IETF meeting in... 2008(?) for pointing out some (minor) implementation issues I saw with DNSCurve.
DJB, like RMS, has proven over decades that he is swayed only by principles. When these people sound the alarm, you should listen. Even if they are nerdy folks.
"Sponsored by a US agency". This right here is the DJB effect: when people LLM up articles that offer him qualified support and his own preferred framing, his fans come out of the woodwork to say they're generated by spies.
To me this is the worst sort of journalism - couched in neutral language, it's an editorial piece disguised as a 'facts' piece.
Facts - DJB, largely right, at times a decade+ early, is fighting with standards boards. He does not believe the NSA has come off their long-standing approach to keep industry cryptography protocols weaker than five eyes cryptanalysis tools. The NSA's former employees, in the chain of command at the standards board, disagree with this characterization, and offer no proof to the contrary (if such a thing were possible).
Put another way, just because DJB is paranoid and coming across as strident right now does not mean he's wrong.
We really benefitted globally in the late 1990s from the cypherpunk movement getting legal coverage; the anti-government hacker mentality and culture that formed when writing about cryptography was mostly illegal, when allowed to publish and deliver to industry, brought real safety to billions of humans through better cryptographic protocols. Unfortunately, I'm not aware of an area where that same ethos is alive right now - in this way DJB's a dinosaur - and people a generation younger than him don't understand where he came from, and in this case, I think, don't understand how to use his viewpoint as a way to assess the world. It's not the only viewpoint, but it's an extremely useful one.
Not only that, it's a viewpoint that has asymmetric benefit - if he's wrong, well then, we just added a little useful safety. If he's right, then, thank God someone did something about it.
Many clever people would benefit the world more if they had other people doing the advocacy work for them.
This reads very LLM-y, misses huge chunks of the story (multiple paragraphs on "clamping" and static ECDH, a single line on Ristretto and nothing on signature schemes, which is where that matters), has a breathless tone about Chapoly and Nacl that is totally unwarranted, misses almost all the NIST PQC drama, most of which was not in fact about hybrid cryptography, and in the end doesn't offer any analysis, just this bad re-telling.
My guess is someone had this generated as part of some dumb pressure campaign. It's weird.
(It's funny that people are chiming in to call this a "hit piece"; if anything, it's twisting itself into pretzels to be charitable to Bernstein's IETF involvement. I assume whoever generated it supports him.)
Going a bit meta - this blog seems strange as its only other story is criticizing a member of the go community. The OP has posted this story, done so twice (first time was flagged) and has no other comments on HN.
There may also be a downvote brigade in this comment section.
I think this must be a bit. On the one hand you have this story about Bernstein, someone who has made a pastime out of weaponizing process in consensus organizations to drag progress to a halt when he's failed to coerce his preferred outcome; on the other hand you have a story villainizing Filippo Valsorda for not doing that, and avoiding standards organizations altogether.
"the ranting on mailing lists, meanwhile, will fade into the archives..."
Only if time proves DJB wrong.
I first encountered djb's work back in the 90's with qmail and djbdns, where he took a very different and compartmentalized approach to the more common monolithic tooling for running email and DNS. I'd even opine that the structure of these programs are direct ancestors to modern microservice architectures, except using unix stdio and other unix isolation mechanisms.
He's definitely opinionated, and I can understand people being annoyed with someone who is vociferous in their disagreement and questioning the motives of others, but given the occasional bad faith and subversion we see by large organizations in the cryptography space, it's nice to have someone hypervigilant in that area.
I generally think that if djb thinks something is OK in terms of cryptograpy, it's passed a very high analytical bar.
> the way he went about it — the accusatory tone, the refusal to compromise or even acknowledge that others might simply have honest differing opinions
...is entirely familiar and not a recent phenomena. He dismissed me as a "BIND company shill" during an IETF meeting in... 2008(?) for pointing out some (minor) implementation issues I saw with DNSCurve.
Anonymous hit piece.
DJB, like RMS, has proven over decades that he is swayed only by principles. When these people sound the alarm, you should listen. Even if they are nerdy folks.
RMS has, at minimum, showed that he swayed by parrots, spider plants, and free plane tickets and guest lodgings.
[flagged]
"Sponsored by a US agency". This right here is the DJB effect: when people LLM up articles that offer him qualified support and his own preferred framing, his fans come out of the woodwork to say they're generated by spies.
Oh, probably fortuitous that I was blocked by Cloudflare.