What a great coincidence that this came up. I'm in the process of organizing a crypto-themed rust meetup. Would anyone like to give a talk about something crypto related?
On Tue, Sep 30, 2014 at 11:12 AM, Tony Arcieri <basc...@gmail.com> wrote:
> On Tue, Sep 30, 2014 at 10:05 AM, Brian Anderson <bander...@mozilla.com>
> wrote:
>
>> I've been told by LLVM folks that getting LLVM to do constant time code
>> generation is essentially hopeless, and it should just be written in asm.
>> One could start by compiling with LLVM, then hand-inspecting the output.
>>
>
> That's unfortunate. It would probably be good for any pure Rust
> implementation of any cryptographic primitive to do a timing variability
> study on the main CPU architectures they intend for their code to be run
> on. Perhaps I'll work on a tool to do that ;)
>
> If any of you are curious why this is a problem, I'd suggest taking a look at
> djb's original cache timing attacks paper, where he demonstrates
> over-the-network AES key recovery using cache timing sidechannels in
> OpenSSL:
>
> http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
>
> Things get worse when you're talking about two VMs that are cotenant on
> the same hypervisor, or shared hosting systems in general.
>
> --
> Tony Arcieri
>
> _______________________________________________
> Rust-dev mailing list
> Rust-dev@mozilla.org
> https://mail.mozilla.org/listinfo/rust-dev
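The quoted exchange is about two things: a comparison whose control flow depends on secret data leaks through timing, and the compiler (LLVM) may undo a "constant-time" rewrite, so the only real check is inspecting the emitted code and measuring. The following is an added example, not code from this thread or from any Rust project mentioned in it. It places a naive early-exit byte comparison next to a best-effort constant-time one and runs a crude version of the "timing variability study" Tony describes: the same function is timed on an input that differs in the first byte and on one that differs in the last byte, and a large gap between the two medians is the signal that the implementation leaks the mismatch position. The function names, the 4096-byte buffers and the iteration counts are assumptions made for this example.

```rust
// Added example, not part of the original mailing-list thread.
// Two byte-comparison routines plus a crude timing study of both.
use std::time::Instant;

/// Early-exit comparison: returns as soon as a byte differs, so its run time
/// depends on the index of the first mismatch. Used as a MAC or tag check,
/// this is the classic remote timing side channel.
pub fn leaky_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    for i in 0..a.len() {
        if a[i] != b[i] {
            return false;
        }
    }
    true
}

/// Best-effort constant-time comparison: every byte is visited and the XOR
/// differences are OR-ed into an accumulator, so no branch depends on the
/// data (the length check is the one remaining data-dependent branch and is
/// assumed to be public). `read_volatile` discourages LLVM from turning the
/// loop back into an early exit, but, as the thread says, there is no
/// guarantee: the emitted assembly still has to be inspected.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut acc: u8 = 0;
    for i in 0..a.len() {
        // Volatile reads keep each byte load observable to the optimiser.
        let x = unsafe { std::ptr::read_volatile(&a[i]) };
        let y = unsafe { std::ptr::read_volatile(&b[i]) };
        acc |= x ^ y;
    }
    acc == 0
}

/// Times `cmp` on one input pair `iters` times and returns the median
/// wall-clock duration in nanoseconds together with how many calls returned
/// true (keeping the result live so the call cannot be optimised away).
/// Wall-clock medians are a coarse instrument; a real study would use cycle
/// counters and a statistical test, but the shape of the experiment is the same.
pub fn median_ns(cmp: fn(&[u8], &[u8]) -> bool, a: &[u8], b: &[u8], iters: usize) -> (u128, usize) {
    let mut samples: Vec<u128> = Vec::with_capacity(iters);
    let mut hits = 0usize;
    for _ in 0..iters {
        let start = Instant::now();
        let r = cmp(a, b);
        let elapsed = start.elapsed().as_nanos();
        hits += r as usize;
        samples.push(elapsed);
    }
    samples.sort();
    (samples[iters / 2], hits)
}

fn main() {
    // Constructed inputs: a reference buffer and two candidates that differ
    // from it at the first and at the last byte respectively.
    let secret = [0xA5u8; 4096];
    let mut early = secret;
    early[0] ^= 1;
    let mut late = secret;
    late[4095] ^= 1;

    let routines: [(&str, fn(&[u8], &[u8]) -> bool); 2] = [
        ("leaky_eq", leaky_eq as fn(&[u8], &[u8]) -> bool),
        ("ct_eq", ct_eq as fn(&[u8], &[u8]) -> bool),
    ];
    for &(name, f) in routines.iter() {
        let (t_early, _) = median_ns(f, &secret, &early, 2000);
        let (t_late, _) = median_ns(f, &secret, &late, 2000);
        // A large gap between the two medians means the routine leaks where
        // the mismatch is; for ct_eq the two should be close.
        println!(
            "{:>8}: first-byte mismatch {:>6} ns, last-byte mismatch {:>6} ns",
            name, t_early, t_late
        );
    }
}
```

Build it in release mode when running the study (an unoptimised build tells you nothing about what LLVM will emit), and pair the numbers with `cargo rustc --release -- --emit asm` or `objdump` on the resulting binary so the loop in `ct_eq` can be confirmed branch-free on each target architecture, which is the hand inspection Brian's LLVM contacts recommended.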