Some resources for people interested in these security issues:

   * http://cr.yp.to/talks.html#2007.05.28 (how to avoid leakage from
     branches and caches; see the "Exercise: Forge IPsec packets" slide
     for some discussion of digest comparison)

   * http://cr.yp.to/mac/constanttime_isequal.c (2005 code for
     constant-time comparison; probably there are earlier references)

   * http://nacl.cr.yp.to (a high-security high-speed cryptographic
     library with no secret branches and no secret memory addresses)

   * http://cr.yp.to/papers.html#coolnacl (new paper discussing various
     cryptographic disasters addressed by this library)

---D. J. Bernstein
   Research Professor, Computer Science, University of Illinois at Chicago
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
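
An added example, not part of the original message and not the code at the linked constanttime_isequal.c: the digest-comparison issue the first two resources refer to, shown as an early-exit comparison beside one with no secret-dependent branch or memory address. The function names and the 16-byte tag values are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data: an expected MAC tag and two wrong guesses. */
const unsigned char TAG[16]               = {0x3a,0x91,0x5c,0x07,0xe2,0x44,0x18,0xbd,
                                             0x6f,0x20,0xc9,0x73,0x0e,0xa5,0x58,0xf1};
const unsigned char GUESS_FIRST_WRONG[16] = {0x00,0x91,0x5c,0x07,0xe2,0x44,0x18,0xbd,
                                             0x6f,0x20,0xc9,0x73,0x0e,0xa5,0x58,0xf1};
const unsigned char GUESS_LAST_WRONG[16]  = {0x3a,0x91,0x5c,0x07,0xe2,0x44,0x18,0xbd,
                                             0x6f,0x20,0xc9,0x73,0x0e,0xa5,0x58,0x00};

/* Early-exit comparison (memcmp-style). It stops at the first mismatch, so
   the work done depends on how many leading bytes of the guess are correct.
   *examined receives the number of bytes inspected before returning. */
int leaky_equal(const unsigned char *a, const unsigned char *b, size_t n, size_t *examined)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (a[i] != b[i]) { *examined = i + 1; return 0; }
    *examined = n;
    return 1;
}

/* Convenience wrapper: bytes the early-exit comparison looked at. */
size_t leaky_steps(const unsigned char *a, const unsigned char *b, size_t n)
{
    size_t k;
    (void)leaky_equal(a, b, n, &k);
    return k;
}

/* Constant-time comparison: always reads all n bytes, accumulates the
   differences with XOR/OR, and converts the result to 0/1 arithmetically. */
int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned int diff = 0;
    size_t i;
    for (i = 0; i < n; i++)
        diff |= (unsigned int)(a[i] ^ b[i]);
    /* diff is 0..255; (diff - 1) >> 8 has its low bit set only if diff == 0 */
    return (int)(1 & ((diff - 1) >> 8));
}

int main(void)
{
    printf("early-exit, first byte wrong: %zu bytes examined\n", leaky_steps(TAG, GUESS_FIRST_WRONG, 16));
    printf("early-exit, last byte wrong:  %zu bytes examined\n", leaky_steps(TAG, GUESS_LAST_WRONG, 16));
    printf("ct_equal results: %d %d %d\n", ct_equal(TAG, TAG, 16),
           ct_equal(TAG, GUESS_FIRST_WRONG, 16), ct_equal(TAG, GUESS_LAST_WRONG, 16));
    return 0;
}
```

C itself makes no timing guarantee, so the compiled output of `ct_equal` should be inspected on the target compiler and optimization level.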
