Is there an Ed25519 implementation for Rust yet? Also, I take it none of this is actually secure yet, since it's not been audited and lacks time-constant code and whatnot.
On Tue, Sep 30, 2014 at 11:29 PM, Tony Arcieri <basc...@gmail.com> wrote:
> I already talked to you about giving a talk so seems good ;)
>
> I also had various point me at rust-crypto's implementation and it is much
> better than I realized. It's using the asm! macro to take advantage of a
> lot of neat Intel features including AES-NI acceleration. That's great!
>
> I also learned about the existence of the asm! macro in the process. It'd
> be really interesting to see someone try to reimplement rust-constanttime
> in ASM. That should solve any worries about LLVM optimizations, and provide
> a good building block for implementing crypto in otherwise pure Rust,
> specifically for things like RSA or ECC.
>
> On Tue, Sep 30, 2014 at 8:19 PM, Erick Tryzelaar <erick.tryzel...@gmail.com> wrote:
>
>> What a great coincidence that this came up. I'm in the process of
>> organizing a crypto-themed rust meetup. Would anyone like to give a talk
>> about something crypto related?
>>
>> On Tue, Sep 30, 2014 at 11:12 AM, Tony Arcieri <basc...@gmail.com> wrote:
>>
>>> On Tue, Sep 30, 2014 at 10:05 AM, Brian Anderson <bander...@mozilla.com> wrote:
>>>
>>>> I've been told by LLVM folks that getting LLVM to do constant time code
>>>> generation is essentially hopeless, and it should just be written in asm.
>>>> One could start by compiling with LLVM, then hand-inspecting the output.
>>>
>>> That's unfortunate. It would probably be good for any pure Rust
>>> implementation of any cryptographic primitive to do a timing variability
>>> study on the main CPU architectures they intend for their code to be run
>>> on. Perhaps I'll work on a tool to do that ;)
>>>
>>> If any of you are curious why this is a problem, I'd suggest taking a look
>>> at djb's original cache timing attacks paper, where he demonstrates
>>> over-the-network AES key recovery using cache timing sidechannels in
>>> OpenSSL:
>>>
>>> http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
>>>
>>> Things get worse when you're talking about two VMs that are cotenant on
>>> the same hypervisor, or shared hosting systems in general.
>>>
>>> --
>>> Tony Arcieri
>>>
>>> _______________________________________________
>>> Rust-dev mailing list
>>> Rust-dev@mozilla.org
>>> https://mail.mozilla.org/listinfo/rust-dev
>
> --
> Tony Arcieri
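The constant-time concern raised in the thread (LLVM rewriting branch-free code back into something timing-dependent), worked through as an added example in current stable Rust; this is not code from the thread, from rust-crypto or from rust-constanttime. It places a leaky early-exit byte comparison beside a branch-free one that uses `core::hint::black_box` as an optimisation barrier (a hint only, not the asm-level guarantee the thread discusses); the function names and the sample tag bytes are constructed for the example.

```rust
use core::hint::black_box;

/// Early-exit comparison: the loop stops at the first differing byte, so its
/// running time depends on where the first mismatch is (a secret-dependent
/// branch). Shown only as the pattern to avoid for MAC/tag verification.
pub fn leaky_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    for (x, y) in a.iter().zip(b) {
        if x != y {
            return false;
        }
    }
    true
}

/// Constant-time comparison: every byte is visited and the XOR differences are
/// OR-accumulated, so there is no secret-dependent branch or early exit.
/// `black_box` is an optimisation-barrier hint that discourages LLVM from
/// recognising the pattern and rewriting it into an early-exit loop. It is a
/// hint, not a guarantee: inspecting the generated asm or measuring on the
/// target CPU, as the thread suggests, is still the only real check.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    // Length is normally public (e.g. a fixed-size MAC tag), so branching on
    // it leaks nothing secret.
    if a.len() != b.len() {
        return false;
    }
    let mut diff: u8 = 0;
    for (x, y) in a.iter().zip(b) {
        diff |= black_box(x ^ y);
    }
    // Collapse the accumulator to a bool; no byte-position information is left.
    black_box(diff) == 0
}

/// Verifies a 32-byte tag (constructed size) with the constant-time comparison.
pub fn verify_tag(expected: &[u8; 32], received: &[u8; 32]) -> bool {
    ct_eq(expected, received)
}

fn main() {
    // Constructed sample tags, not values from the thread.
    let good = [0xA5u8; 32];
    let mut bad = good;
    bad[31] ^= 1;
    println!("ct_eq(good, good) = {}", ct_eq(&good, &good));
    println!("ct_eq(good, bad)  = {}", ct_eq(&good, &bad));
    println!("verify_tag(good, bad) = {}", verify_tag(&good, &bad));
}
```

Compiling with `--release` and reading the emitted assembly for `ct_eq` is the step the thread recommends before trusting any of this.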