The curious tendency among cryptographers to believe that they need to make any OOB access the attacker suggests in order to be “constant-time”.
Replying to @volatile_void
Fuck, are we still talking about “constant-time” in 2017? Even if they do it right, IT’S NOT ENOUGH.
Replying to @volatile_void
If I had a dollar for every allegedly constant-time primitive written in C, I could buy a nice car. You cannot claim C code to be constant time, because the C abstract machine has no model of time.
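The point in the tweet above, as an added example that is not from anyone in the thread: the usual "branch-free" tag comparison written in C beside the early-exit version it replaces. The data and tag length are constructed for the demo. The block counts how many bytes each routine actually inspects, which is what a remote timing attacker measures; note that the OR-fold is only constant-time by convention, since nothing in the C standard stops a compiler from reintroducing the early exit (the `volatile` accumulator is the common hedge, not a guarantee).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Early-exit comparison, the memcmp-style shape the thread warns about.
 * Returns 1 if equal. *examined receives how many bytes were looked at;
 * that count depends on where the first mismatch is, i.e. on the secret. */
int var_time_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *examined)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (a[i] != b[i])
            break;
    }
    *examined = (i < n) ? i + 1 : n;
    return i == n;
}

/* Branch-free comparison: every byte is always read and the differences are
 * folded with OR, so the work done is independent of the data. `volatile`
 * discourages the compiler from turning this back into an early exit, but the
 * language itself makes no timing promise (the thread's point). */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *examined)
{
    volatile uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (uint8_t)(a[i] ^ b[i]);
    *examined = n;
    /* Collapse acc to 1 (all zero) or 0 (some difference) without a branch:
     * x - 1 wraps to 0xFFFFFFFF only when x == 0. */
    uint32_t x = acc;
    return (int)((uint32_t)(x - 1) >> 31);
}

/* Constructed sample: a 16-byte "expected tag" and a guess that differs at
 * exactly one position (diff_at >= TAG_LEN means the guess is identical). */
#define TAG_LEN 16
static const uint8_t expected_tag[TAG_LEN] = {
    0x5a, 0x13, 0xc7, 0x88, 0x01, 0xfe, 0x42, 0x9d,
    0x70, 0x2b, 0xe4, 0x3c, 0xaa, 0x55, 0x06, 0xd9
};

static void make_guess(uint8_t *guess, size_t diff_at)
{
    memcpy(guess, expected_tag, TAG_LEN);
    if (diff_at < TAG_LEN)
        guess[diff_at] ^= 0x01;
}

/* Bytes inspected by the early-exit compare for a guess wrong at diff_at. */
size_t var_time_bytes_examined(size_t diff_at)
{
    uint8_t guess[TAG_LEN];
    size_t examined;
    make_guess(guess, diff_at);
    var_time_equal(expected_tag, guess, TAG_LEN, &examined);
    return examined;
}

/* Bytes inspected by the branch-free compare for the same guess: always TAG_LEN. */
size_t ct_bytes_examined(size_t diff_at)
{
    uint8_t guess[TAG_LEN];
    size_t examined;
    make_guess(guess, diff_at);
    ct_equal(expected_tag, guess, TAG_LEN, &examined);
    return examined;
}

/* Result of the branch-free compare (1 = equal), to show it is still correct. */
int ct_equal_result(size_t diff_at)
{
    uint8_t guess[TAG_LEN];
    size_t examined;
    make_guess(guess, diff_at);
    return ct_equal(expected_tag, guess, TAG_LEN, &examined);
}

int main(void)
{
    printf("mismatch at | early-exit bytes | branch-free bytes\n");
    for (size_t d = 0; d <= TAG_LEN; d++)
        printf("%11zu | %16zu | %17zu\n", d,
               var_time_bytes_examined(d), ct_bytes_examined(d));
    return 0;
}
```

Run it and the left column climbs with the mismatch position while the right one stays flat; that gradient is the byte-at-a-time oracle the branch-free form removes at the source level, and the later tweets explain why source level is not the whole story.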
Replying to @stephentyrone @volatile_void
You can't even claim constant-time for most assembly code unless you tie it to a specific µarchitecture, because most ISAs make no guarantee of constant time for the instructions you're using.
Replying to @stephentyrone @volatile_void
pusha ; cpuid ; popa between every pair of instructions. ;-)
Replying to @RichFelker @volatile_void
I’m actually not convinced that suffices in the face of cache eviction attacks.
Ok, 1000 pusha/popa pairs to blow away the whole cache.