@jedisct1 @whitequark …it is hard for me to tell what algorithm you use or how I can learn more about them or guess why they were chosen.
Replying to @mcclure111
@jedisct1 @whitequark The reason I am enthusiastic about using things like AES or SHA-256 is I know they are well-tested.
Replying to @mcclure111
@jedisct1 @whitequark But as a non-crypto-specialist, I lack familiarity with, for example, "Blake2b"
Replying to @mcclure111
@mcclure111 as a side note, AES is notoriously hard to use securely. E.g. high-speed AES is very susceptible to cache attacks
Replying to @whitequark
@whitequark interesting. i'm looking at a paper about this from 2005-- i'm having a little bit of trouble understanding the attack model?
Replying to @mcclure111
@mcclure111 timing attacks. within same datacenter eg EC2 this is very plausible
Replying to @whitequark
@whitequark when i've used aes in the past a key was negotiated by two parties outside of the AES connection.
Replying to @mcclure111
@whitequark do you need to initiate a connection to take advantage of this? or can you be an eavesdropper?
Replying to @mcclure111
@mcclure111 ask @bascule, he's way better at this than me :)
Replying to @whitequark
@whitequark @bascule bascule, why is everything terrible
@mcclure111 @whitequark because people weren't measuring for timing variability, and AES is hard to implement correctly due to SBoxes