[Cryptography] SHA-3 FIPS-202: no SHAKE512 but SHAKE128; confusing SHAKE security

[Salz, Rich]

> Problem is, once the NSA has shifted in this direction, NIST comes out with
> standards for USG.

The law used to say that the NSA was the "expert" for NIST cryptography.  After it became known that NSA gamed the system, I believe NIST no longer feels beholden to do what NSA says.  I think some kind of law or regulation changed, but I could well be wrong on that last part.

Perhaps Tim Polk can speak up here?