@BRIAN_____ I hate that they write these two obfuscated lines instead of a function name that would double up as documentation…
@spun_off What conclusion did you reach, regarding the intent of this code? `constant_time_select`?
-
-
@BRIAN_____ bn_correct_top, visible in screenshot, leaks information from constant-time domain to dependent-time domain. -
@spun_off You are preaching to a very small choir here. (FWIW, I'm getting rid of all of the bn_correct_top stuff, at least in ECDH/ECDSA).
-
@BRIAN_____ I can wait until the first VM attack that's so sensitive that the complement of the choir becomes embarrassed. -
@spun_off My goal is to eliminate the need to even think about such things.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.