Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Constant Time Story #43

Open
gereeter opened this issue Oct 26, 2015 · 1 comment
Open

Constant Time Story #43

gereeter opened this issue Oct 26, 2015 · 1 comment
Labels
A-implementation A-security C-timing-attacks K-hard M-crypto P-high
Milestone
v0.1.2

Comments

@gereeter
Copy link

Currently Octavo seems to pay very little attention to resisting side-channel attacks (see e.g. the use of data-dependent array indices in blowfish and the use of noncryptographic big integers in RSA). While this isn't critical for some cryptographic settings, many applications (e.g. TLS) can easily be broken by timing attacks. Octavo should probably decide what its plan is.
@hauleth
Copy link
Member

hauleth commented Oct 27, 2015

For now I focus on implementing stuff without too much concern about speed or implementation fails (like side-channel attacks). But I nomine it high as it should be first thing to be concerned about when I finish implementing most stuff. There probably will land more crates like ct, bn and others that main task will be resolve issues that you have pointed.

@hauleth hauleth modified the milestone: v0.1.1-alpha Oct 27, 2015
@hauleth hauleth modified the milestones: v0.1.1, v0.1.2 Sep 18, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-implementation A-security C-timing-attacks K-hard M-crypto P-high
Projects
None yet
Milestone
v0.1.2
Development

No branches or pull requests
2 participants
@hauleth @gereeter