On Wednesday, 25 October 2017 at 14:17:21 UTC, Jonathan M Davis
wrote:
The point still stands though that you have to be _very_
careful when implementing anything security related, and it's
shockingly easy to do something that actually leaks information
even if it's not outright buggy (e.g. the timing of the code
indicates something about success or failure to an observer).
Fun read: http://cr.yp.to/papers.html#cachetiming - a cache
timing attack on AES recovering the full key. This flaw was accounted
for in Salsa and ChaCha design.
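
The contrast mentioned in the post above, as an added example that is not part of the original post: a table lookup indexed by key material, as in fast software AES, next to the ChaCha quarter round, which uses only add, xor and fixed rotations. The 64-byte cache line, the 4-byte table entries and the function names are assumptions made for illustration; the quarter-round test vector is the one from RFC 7539, section 2.1.1.

```c
#include <stdint.h>
#include <stdio.h>

/* Rotate left by a fixed, public amount: no secret-dependent branch or index. */
static uint32_t rotl32(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

/* ChaCha quarter round: add, xor, rotate only. The instruction sequence and
   the memory addresses touched are identical for every input value. */
void chacha_quarter_round(uint32_t s[4]) {
    uint32_t a = s[0], b = s[1], c = s[2], d = s[3];
    a += b; d ^= a; d = rotl32(d, 16);
    c += d; b ^= c; b = rotl32(b, 12);
    a += b; d ^= a; d = rotl32(d, 8);
    c += d; b ^= c; b = rotl32(b, 7);
    s[0] = a; s[1] = b; s[2] = c; s[3] = d;
}

/* Table-driven cipher step in the style of fast software AES: the table index
   is plaintext XOR key, so the cache line that gets loaded depends on the key.
   Returns which cache line of a 256-entry table is touched
   (assumed: 64-byte lines, 4-byte entries, table aligned to a line). */
unsigned table_lookup_cache_line(uint8_t plaintext_byte, uint8_t key_byte) {
    unsigned index = (unsigned)(plaintext_byte ^ key_byte);
    return (index * 4u) / 64u;
}

/* Checks the quarter round against the RFC 7539 section 2.1.1 test vector. */
int quarter_round_matches_rfc(void) {
    uint32_t s[4] = { 0x11111111u, 0x01020304u, 0x9b8d6f43u, 0x01234567u };
    chacha_quarter_round(s);
    return s[0] == 0xea2a92f4u && s[1] == 0xcb1cf8ceu &&
           s[2] == 0x4581472eu && s[3] == 0x5881c4bbu;
}

int main(void) {
    printf("quarter round matches RFC vector: %d\n", quarter_round_matches_rfc());
    /* Same plaintext byte, two constructed key bytes: different cache lines,
       which is the key-dependent signal a cache-timing observer measures. */
    printf("key 0x10 -> line %u, key 0x20 -> line %u\n",
           table_lookup_cache_line(0x00, 0x10),
           table_lookup_cache_line(0x00, 0x20));
    return 0;
}
```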