Re OpenSSL's BN_CONSTTIME_SWAP: Purportedly "constant-time" code should not be written in C, full stop. https://stackoverflow.com/questions/29149058/does-memory-dependence-speculation-prevent-bn-consttime-swap-from-being-constant …
Replying to @daniel_bilar
@daniel_bilar @solardiz I maintain if you want constant time, spin lock to a multiple of maximum time. Requires you to track that though.
Replying to @dakami
@dakami @daniel_bilar Note that those "other tasks" may be instances of the same network service, so remote measurements might be possible
Replying to @solardiz
@solardiz @daniel_bilar yeah, we've replaced "actually possible" with "might be possible" and hoped nobody would notice
Replying to @dakami
@dakami @daniel_bilar If you replace the current approach with spinning until time reached, you replace "probably OK" with "probably not OK"
Replying to @solardiz
@solardiz @daniel_bilar I don't think trying to write everything constant time scales. And I see all these attacks only working on LAN.
@dakami @solardiz @daniel_bilar "Works on a LAN" means "attacker can buy privileged network vantage point for $20 from your cloud provider."