On Tue, Sep 30, 2014 at 10:05 AM, Brian Anderson <[email protected]>
wrote:

> I've been told by LLVM folks that getting LLVM to do constant time code
> generation is essentially hopeless, and it should just be written in asm.
> One could start by compiling with LLVM, then hand-inspecting the output.
>

That's unfortunate. It would probably be good for any pure Rust
implementation of any cryptographic primitive to do a timing variability
study on the main CPU architectures they intend for their code to be run
on. Perhaps I'll work on a tool to do that ;)

If any of you are curious why this is a problem, I'd suggest taking a look at
djb's original cache timing attacks paper, where he demonstrates
over-the-network AES key recovery using cache timing side channels in
OpenSSL:

http://cr.yp.to/antiforgery/cachetiming-20050414.pdf

Things get worse when you're talking about two VMs that are cotenant on the
same hypervisor, or shared hosting systems in general.

--
Tony Arcieri
_______________________________________________
Rust-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/rust-dev
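The "timing variability study" suggested above, as an added example that is not Tony Arcieri's tool, Brian Anderson's code, or anything from the Rust project: it places a naive early-exit byte comparison beside a branch-free one, then measures each against a secret whose mismatch sits at the first byte versus the last byte. All function names (`naive_eq`, `ct_eq`, `median_ns`, `variability`) are this example's own; it uses only `std::hint::black_box` and `std::time::Instant` from the standard library, and the 0x42 filler and sizes are constructed values.

```rust
use std::hint::black_box;
use std::time::Instant;

/// Early-exit comparison: returns at the first differing byte, so its running
/// time depends on where the mismatch is (a timing side channel).
pub fn naive_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    for i in 0..a.len() {
        if a[i] != b[i] {
            return false;
        }
    }
    true
}

/// Comparison intended to be constant time: every byte is visited and the
/// differences are folded into an accumulator without branching. `black_box`
/// discourages LLVM from rewriting the loop into an early exit, but as the
/// thread notes this is best effort, not a guarantee, which is exactly why
/// the measurement below exists.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut acc: u8 = 0;
    for i in 0..a.len() {
        acc |= black_box(a[i] ^ b[i]);
    }
    black_box(acc) == 0
}

/// Median wall-clock time in nanoseconds of `f` over `iters` runs. The median
/// is used instead of the mean so scheduler noise does not dominate.
pub fn median_ns<F: Fn() -> bool>(f: F, iters: usize) -> u128 {
    let mut samples: Vec<u128> = Vec::with_capacity(iters);
    for _ in 0..iters {
        let start = Instant::now();
        black_box(f());
        samples.push(start.elapsed().as_nanos());
    }
    samples.sort_unstable();
    samples[samples.len() / 2]
}

/// Timing-variability study for one comparison function: compare a constructed
/// secret against inputs that mismatch at the first byte and at the last byte,
/// returning (first_mismatch_ns, last_mismatch_ns). A large gap means the
/// function leaks the position of the first differing byte.
pub fn variability<F: Fn(&[u8], &[u8]) -> bool>(cmp: F, len: usize, iters: usize) -> (u128, u128) {
    let secret = vec![0x42u8; len]; // constructed "secret"
    let mut early = secret.clone();
    early[0] ^= 1;
    let mut late = secret.clone();
    late[len - 1] ^= 1;
    let t_early = median_ns(|| cmp(&secret, &early), iters);
    let t_late = median_ns(|| cmp(&secret, &late), iters);
    (t_early, t_late)
}

fn main() {
    let len = 4096;
    let iters = 2000;
    let (ne, nl) = variability(naive_eq, len, iters);
    let (ce, cl) = variability(ct_eq, len, iters);
    println!("naive_eq: first-byte mismatch {ne} ns, last-byte mismatch {nl} ns");
    println!("ct_eq:    first-byte mismatch {ce} ns, last-byte mismatch {cl} ns");
}
```

Run it with optimizations (`cargo run --release` or `rustc -O`), since the question is what LLVM emits for the optimized build; wall-clock timing is coarse, so on a real study you would prefer a cycle counter, pin the process to one core, and, as the first reply recommends, still read the generated assembly rather than trusting the numbers alone.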
