Re OpenSSL's BN_CONSTTIME_SWAP: Purportedly "constant-time" code should not be written in C, full stop.https://stackoverflow.com/questions/29149058/does-memory-dependence-speculation-prevent-bn-consttime-swap-from-being-constant …
@dakami @daniel_bilar @solardiz Sleep is not an option for internal primitive ops but it's easy to do for the whole client-/user-visible op.
-
-
@RichFelker@dakami@daniel_bilar Unfortunately, sleep fails e.g. when trying to prevent concurrent username probing. Have to waste CPU. -
@solardiz@dakami@daniel_bilar Depends on the usage. E.g. in password hashing that can be solved by system-wide serialization of hashing. -
@RichFelker@dakami@daniel_bilar You'd have to serialize all requests, not just password authentication ones. Usually impractical. -
@solardiz@dakami@daniel_bilar Or dedicate a core/host. You lose computing power but at least don't pay for wasted electricity. -
@RichFelker@dakami@daniel_bilar Dedicating a core might not be good enough because of shared caches, buses, and power and thermal envelope -
@solardiz@RichFelker@daniel_bilar nobody wants to isolate computers and everyone wants isolation of some sort. Weird.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.