So, if you want to backdoor implementations, define standards that need to be in h/w to be correct + fast: AES, GCM: http://www.links.org/?p=1283
@damienmiller @marshray Ex: People choose hardware implementations of AES-GCM b/c they are supposed to be constant-time but who verifies it?
-
-
@BRIAN_____@marshray symmetric cipher timing leaks seem too noisy and expensive for mass surveillanceThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.