
There are a string of these posts going back to 2009. Not "updated every 3 years", but it looks to me like we get an update when important advice has changed at least. I may have missed some, but from my bookmarks I have:

2009: https://www.daemonology.net/blog/2009-06-11-cryptographic-ri...

2015: https://gist.github.com/tqbf/be58d2d39690c3b366ad

2018: https://www.latacora.com/blog/2018/04/03/cryptographic-right...

2024: https://www.latacora.com/blog/2024/07/29/crypto-right-answer...

So not every 3 years, but if you read through you'll notice a _lot_ of each update pretty much says "use the same advice as last time."

It's not clear who wrote the most recent Latacora post, but it's Thomas Ptacek's company, and the original 2009 post was by Colin Percival. If you've been around here for a while you'll probably recognise those names, they're #1 and #60 here: https://news.ycombinator.com/leaders At least in my head, both have serious credibility over many years in this subject space.

The 2018 Latacora post says:

"This content has been developed and updated by different people over a decade. We’ve kept what Colin Percival originally said in 2009, Thomas Ptacek said in 2015, and what we’re saying in 2018 for comparison. If you’re designing something today, just use the 2018 Latacora recommendation."




I started Latacora with Erin and Jeremy in 2016, and wrote the last "Right Answers" post with their name on it, but Erin and I haven't worked there since 2020.


Why did you and Erin stop working there in 2020?


I became a principal at Fly.io and Erin moved from consulting to in-house red team work. Both of us had been consulting for over 10 years.


Oh, OK. Apologies for the misinformation.

(I was somewhat surprised to see this post without you credited as author...)



