Colin: if you post this bounty publicly anywhere, you have my permission to note also my commitment to match the bounty, which will remain ongoing until either (a) your bounty changes, or (b) I notify you otherwise (which is unlikely).
Good luck, everyone. I will be surprised and happy if this HN comment costs me anything. :)
you have my permission to note also my commitment to match the bounty
Thanks! I've updated the blog post with a link to this comment.
But if there was anyone whose code I would bet on, your name at the top of the list anyways!
Well, we've already established that the code was wrong...
Hah, it's been a while since I read:
Makes me feel a little less bad for the Debian issue with (way!) too low entropy in key-generation.
Refactoring code using crypto dangerous :-/
Have you considered creating a 2.0 on top of NaCL? I could see that it would probably not be a good idea to actually throw out all the existing tarsnap-code etc -- I generally just mean if you'd want to move to a simple, yet "batteries-included"/shrink-wrapped crypto library?