Maybe making things more intelligible would help instead of using language that is extremely obfuscated and confusing, and unaccompanied by any actual mathematics?

Take this sentence from the email for instance:

"Even AES-GCM got screwed up: nonces should be counters, but all implementations make them random, introducing an artificial birthday bound issue due to truncation in the standard."

I have no idea WTF this means, but let's go over it:

nonce: I know this is a randomly generated number that can be only used once -- now why should it be a counter? No idea.

"but all implementations make them random": wait, aren't they supposed to be random by definition? According to the above line though, they are supposed to be random. Damn, what I knew must be wrong. I wonder if this person on the internet has submitted some sort of explanation about this somewhere.

'artificial birthday bound issue': Assuming this refers to the birthday attack (http://en.wikipedia.org/wiki/Birthday_attack). Why is it "artificial"? Can we see some mathematical proofs attached please? I sort of get the idea here -- because the nonce is random, it is vulnerable to being recreated after a certain number of attempts, but there is nothing concrete attached here. Or I could be totally wrong in this interpretation. God knows, and maybe this chap.

"...due to truncation in the standard." -- Do you mean some sort of mathematical truncation, i.e. "my number was truncated to 16 bits", or truncation of the standard itself "the last section of the standard was removed"? Please be clear.

Same goes for most things related to crypto -- if you want stuff like TLS to be examined by more eyeballs and find more bugs, you have to first try and make it more accessible. The sentences above are, in my opinion, a complete communication failure.
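The "birthday bound" the quoted sentence refers to can be made concrete with a few lines of arithmetic. The example below is added here and is not part of the comment or the email it quotes. It assumes the standard 96-bit AES-GCM nonce length, and uses the usual birthday approximation: after n random nonces, the chance that at least two collide is about n^2 / 2^(bits+1), which is why NIST SP 800-38D caps random-nonce use at 2^32 messages per key. A counter nonce never repeats until the counter wraps at 2^bits, so it has no such bound. The small-nonce simulation at the end (16-bit nonces, a constructed toy size) shows the same effect empirically: random values start repeating after roughly sqrt(2^16) = 256 draws, counters never do.

```python
import math
import secrets

# AES-GCM's standard nonce (IV) length; an assumption of this example.
GCM_NONCE_BITS = 96


def collision_probability(n_messages: int, nonce_bits: int = GCM_NONCE_BITS) -> float:
    """Probability that at least two of n uniformly random nonces collide.

    Birthday approximation: 1 - exp(-n^2 / 2^(bits+1)).  expm1 keeps
    precision when the probability is tiny.
    """
    exponent = -(n_messages ** 2) / (2 ** (nonce_bits + 1))
    return -math.expm1(exponent)


def messages_for_probability(p: float, nonce_bits: int = GCM_NONCE_BITS) -> float:
    """Number of random-nonce messages under one key before the collision
    probability reaches p (inverse of the approximation above)."""
    return math.sqrt(-2.0 * (2 ** nonce_bits) * math.log1p(-p))


def counter_nonces(count: int, nonce_bits: int) -> list[int]:
    """Deterministic nonces 0, 1, 2, ...: unique until the counter wraps at 2^bits."""
    if count > 2 ** nonce_bits:
        raise ValueError("counter would wrap: key must be rotated first")
    return list(range(count))


def random_nonces(count: int, nonce_bits: int) -> list[int]:
    """Uniformly random nonces, the way most GCM deployments generate them."""
    return [secrets.randbits(nonce_bits) for _ in range(count)]


def first_repeat(nonces: list[int]):
    """Index of the first nonce that repeats an earlier one, or None.

    For GCM a single repeat under the same key is the failure condition
    (it leaks the XOR of the two plaintexts and the authentication key).
    """
    seen = set()
    for i, nonce in enumerate(nonces):
        if nonce in seen:
            return i
        seen.add(nonce)
    return None


if __name__ == "__main__":
    n = 2 ** 32  # NIST SP 800-38D limit for random 96-bit nonces per key
    print(f"P(collision) after 2^32 random 96-bit nonces: {collision_probability(n):.3e}")
    print(f"messages for 50% collision chance: 2^{math.log2(messages_for_probability(0.5)):.1f}")

    # Toy-sized demonstration (16-bit nonces, a constructed size for illustration).
    toy_bits, toy_count = 16, 2000
    print("counter nonces first repeat:", first_repeat(counter_nonces(toy_count, toy_bits)))
    print("random nonces first repeat:", first_repeat(random_nonces(toy_count, toy_bits)))
```

The first printed probability is about 1.2e-10 (2^-33), which is the risk NIST deems acceptable; with a counter that same 2^32 messages carries zero collision risk, and the counter only becomes a problem at 2^96. The toy run typically reports a random repeat somewhere in the low hundreds while the counter column stays None.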