For cryptographic software, I strongly disagree. The most widely used libraries do the right thing here. Libgcrypt is the exception and regarded as such by everyone I know in the crypto community.
-
-
To be fair, part of my original tweet was "update often". Even if not this one, we *will* keep discovering things. It is critical that people are reliably updating their crypto at this point. Systems locked into old crypto libs have a serious problem.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
OTOH, if it's true that this is even less powerful than the existing cache timing attacks then it would be nothing new to worry about.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.