-
-
Replying to @jrmithdobbs
@jrmithdobbs and in the absence of a native implementation is full of timing sidchannels that can be used to recover private keys4 replies 0 retweets 0 likes -
Replying to @jrmithdobbs
@bascule Think the real issue comes in bootstrapping the environment and it being forced to be tied to x509/TLS in the real world right now.1 reply 0 retweets 0 likes -
Replying to @jrmithdobbs
@bascule combined with the semantics of JS scoping you never REALLY know what code's running. Timing side channels seem resovable in comp1 reply 0 retweets 0 likes -
Replying to @jrmithdobbs
@bascule thankfully w3c determined to ensure this never gets improved. Lol web crypto or whatever they called that worthless shit.2 replies 0 retweets 0 likes -
Replying to @jrmithdobbs
@bascule but re: the timing issue, can be addressed somewhat by repurposing wheat/chaff concept and burning cycles using random junk keys.1 reply 0 retweets 0 likes -
Replying to @jrmithdobbs
@bascule just expensive and inefficient. I think hw getting to point where feasible for real application tho.1 reply 0 retweets 0 likes -
Replying to @jrmithdobbs
@bascule I mean, we can't just give up on platforms with timing issues. Just for browser based JS that's the least of the problems.1 reply 0 retweets 0 likes -
Replying to @jrmithdobbs
@jrmithdobbs I'm not sure what crack you're smoking but keep it to yourself, please1 reply 0 retweets 0 likes
@jrmithdobbs or go hang out with these guys, they're doing a great job of terrible JS crypto: http://calvinmetcalf.com/post/104082905653/porting-node-js-crypto-to-the-browser-part-1-all …
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.