"the ranting on mailing lists, meanwhile, will fade into the archives..."

Only if time proves DJB wrong.

To me this is the worst sort of journalism - couched in neutral language, it's an editorial piece disguised as a 'facts' piece.

Facts - DJB, largely right, at times a decade+ early, is fighting with standards boards. He does not believe the NSA has come off their long-standing approach to keep industry cryptography protocols weaker than five eyes cryptanalysis tools. The NSA's former employees, in the chain of command at the standards board, disagree with this characterization, and offer no proof to the contrary (if such a thing were possible).

Put another way, just because DJB is paranoid and coming across as strident right now does not mean he's wrong.

We really benefitted globally in the late 1990s from the cypherpunk movement getting legal coverage; the anti-government hacker mentality and culture that formed when writing about cryptography was mostly illegal, when allowed to publish and deliver to industry, brought real safety to billions of humans through better cryptographic protocols. Unfortunately, I'm not aware of an area where that same ethos is alive right now - in this way DJB's a dinosaur - and people a generation younger than him don't understand where he came from, and in this case, I think, don't understand how to use his viewpoint as a way to assess the world. It's not the only viewpoint, but it's an extremely useful one.

Not only that, it's a viewpoint that has asymmetric benefit - if he's wrong, well then, we just added a little useful safety. If he's right, then, thank God someone did something about it.

> the way he went about it — the accusatory tone, the refusal to compromise or even acknowledge that others might simply have honest differing opinions

...is entirely familiar and not a recent phenomena. He dismissed me as a "BIND company shill" during an IETF meeting in... 2008(?) for pointing out some (minor) implementation issues I saw with DNSCurve.

This reads very LLM-y, misses huge chunks of the story (multiple paragraphs on "clamping" and static ECDH, a single line on Ristretto and nothing on signature schemes, which is where that matters), has a breathless tone about Chapoly and Nacl that is totally unwarranted, misses almost all the NIST PQC drama, most of which was not in fact about hybrid cryptography, and in the end doesn't offer any analysis, just this bad re-telling.

My guess is someone had this generated as part of some dumb pressure campaign. It's weird.

(It's funny that people are chiming in to call this a "hit piece"; if anything, it's twisting itself into pretzels to be charitable to Bernstein's IETF involvement. I assume whoever generated it supports him.)

Anonymous hit piece.

DJB, like RMS, has proven over decades that he is swayed only by principles. When these people sound the alarm, you should listen. Even if they are nerdy folks.

I first encountered djb's work back in the 90's with qmail and djbdns, where he took a very different and compartmentalized approach to the more common monolithic tooling for running email and DNS. I'd even opine that the structure of these programs are direct ancestors to modern microservice architectures, except using unix stdio and other unix isolation mechanisms.

He's definitely opinionated, and I can understand people being annoyed with someone who is vociferous in their disagreement and questioning the motives of others, but given the occasional bad faith and subversion we see by large organizations in the cryptography space, it's nice to have someone hypervigilant in that area.

I generally think that if djb thinks something is OK in terms of cryptograpy, it's passed a very high analytical bar.

The article is complete drivel and most probably sponsored by an US agency.

I trust DJB even more after reading this and so should you.