[Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

Sun Oct 6 18:35:48 EDT 2013

On Oct 5, 2013, at 9:29 PM, John Kelsey wrote:
> One thing that seems clear to me:  When you talk about algorithm flexibility in a protocol or product, most people think you are talking about the ability to add algorithms.  Really, you are talking more about the ability to *remove* algorithms.  We still have stuff using MD5 and RC4 (and we'll probably have stuff using dual ec drbg years from now) because while our standards have lots of options and it's usually easy to add new ones, it's very hard to take any away.  
Q.  How did God create the world in only 6 days?
A.  No installed base.
                                                        -- Jerry