What would be really useful is a way to get strongest-of-N *implementations*, but that's a lot harder than it sounds (sidechannels amplify).
@DefuseSec curious what sidechannels you're thinking of then. I was thinking of cache timing sidechannels
-
-
@bascule Was thinking of side channels processing the plaintext (line break algorithms, e.g. in an email client). But then I realized... -
@bascule ...you don't need to give the other implementation the plaintext at all. RCE vulns are a way better example of worst-of-N. -
@DefuseSec lol, RCE in an actual cipher implementation would be a catastrophic result indeed -
@bascule Yes, but remember we're talking about composing entire implementations, e.g. putting a .gpg file in a TrueCrypt container. -
@DefuseSec I was thinking more of Tahoe's "100 year cryptography" product cipher case /cc@zooko
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.