Early std.crypto
bcs
bcs at example.com
Fri Nov 4 19:52:02 PDT 2011
On 11/04/2011 04:27 AM, Piotr Szturmaj wrote:
> bcs wrote:
>> Are you re-implementing the function kernels yourself or are you using
>> an existing implementation? Given what I've heard about things like
>> side-channel attacks using processing times to recover keys, I'd rather
>> not see Phobos use anything written by less than the best expert
>> available.
>
> Until now, I implemented some hash functions. There are no branching
> instructions in their transform() routines, so theoretically processing
> time is independent of the function input.
From my very incomplete memory I found the source I was looking for (I googled for "aes interperative dance") here: http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

Look for "Foot-Shooting Prevention Agreement" in one of the images ~20-25% of the way down.

tl;dr: It mentions "cache-based, timing, and other side channel attacks". Unless you can explain to me what those are, in painful detail, I don't think we should trust you to avoid them. Get a good vetted C implementation and wrap it with a nice D API and call it a day.
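Added example (not from the thread or from Phobos): a model of why "no branching instructions" does not by itself give input-independent timing. A branch-free table lookup still produces an input-dependent memory-access footprint, which is what the cache-based attacks mentioned above observe; the 64-byte cache line, 4-byte entry size and the toy S-box permutation are constructed assumptions, and the code models access footprints rather than measuring wall-clock time.

```python
# Constructed toy parameters: a 256-entry lookup table of 32-bit words laid
# out contiguously in memory, read through 64-byte cache lines.
CACHE_LINE = 64
ENTRY_SIZE = 4
TABLE_LINES = (256 * ENTRY_SIZE) // CACHE_LINE   # 16 lines cover the table

# Constructed toy S-box: a fixed permutation of 0..255 (not a real cipher's).
SBOX = [(x * 167 + 13) & 0xFF for x in range(256)]


def cache_lines_touched_naive(data: bytes) -> set:
    """Branch-free lookup out[i] = SBOX[data[i]].

    No branch depends on the data, yet the address read does: the set of cache
    lines touched is a function of the secret input bytes."""
    return {(b * ENTRY_SIZE) // CACHE_LINE for b in data}


def constant_time_lookup(b: int) -> int:
    """Select SBOX[b] without a data-dependent address or branch.

    Every entry is read; a mask of 0xFF is produced only for the index equal
    to b, so the result equals SBOX[b] while the access pattern is fixed."""
    result = 0
    for i, v in enumerate(SBOX):
        # (i ^ b) - 1 is negative only when i == b; its sign fills the mask.
        mask = (((i ^ b) - 1) >> 8) & 0xFF
        result |= v & mask
    return result


def cache_lines_touched_ct(data: bytes) -> set:
    """Footprint of constant_time_lookup: the whole table for every byte,
    independent of the input (empty input touches nothing)."""
    return set(range(TABLE_LINES)) if data else set()


def footprint_leaks(lookup_footprint, a: bytes, b: bytes) -> bool:
    """True if two inputs leave distinguishable cache footprints."""
    return lookup_footprint(a) != lookup_footprint(b)
```

Under this model the naive lookup distinguishes inputs 0x00 and 0xFF by the cache line they touch, while the masked lookup returns the same values with an identical footprint.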
More information about the Digitalmars-d mailing list