Pull request to start building guidelines around writing crypto software in a post-Spectre world:
https://github.com/HACS-workshop/spectre-mitigations/pull/2 …
Can see the initial draft guidelines here:
https://github.com/chandlerc/spectre-mitigations/blob/4aa1019f6add0940611152f8cc5cc4d873f36691/crypto_guidelines.md …
@cryptojedi - as promised. =D Comments / feedback very welcome.
-
Show this thread
-
And landed: https://github.com/HACS-workshop/spectre-mitigations/blob/master/crypto_guidelines.md … Pull requests to improve are always welcome!
2 replies 0 retweets 4 likesShow this thread
Replying to @chandlerc1024
Here’s the culmination of some concrete work that implements rule 1, which is directly relevant to many crypto libs: https://boringssl.googlesource.com/boringssl/+/0a211dfe91588d2986a8735e1969dd9202a8b025%5E!/ …. A trickier case is choosing non-constant-time algorithms for even inputs in cases where secret inputs are always known to be odd.
10:25 AM - 27 Mar 2018
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.