[Cryptography] SHA-3 FIPS-202: no SHAKE512 but SHAKE128; confusing SHAKE security

Krisztián Pintér pinterkr at gmail.com
Wed Aug 12 07:23:32 EDT 2015


On Wed, Aug 12, 2015 at 11:47 AM, Michal Bozon <michal.bozon at cesnet.cz> wrote:
> However, I do not think that overkill security is useless, nonsensical
> and stupid. The algorithm becomes useless when the algorithm is sufficiently
> broken.

well, in a sense, it is. overkill by definition means no added
value. if it has any significant chance to be useful, we call it
security margin. overkill means you pay with loss of performance, for
nothing. it also means that some people will not be able to use it
(performance budget does not allow), so they need to fall back on older or
less used algorithms. a broken algorithm is broken. it is much worse
than stupid or useless in cryptography. stupid has some value. broken
has none.

addition: afaik nist at one point considered adding a remark that
shakes are the preferred primitives. it is apparently missing from the
final document. which i find unfortunate.
