Constant time crypto is mostly math nerds showing off. Determine the worst case time for an algorithm and spin for that amount.
We already had this discussion. I agreed with you; people with actual experience explained why we were wrong.
*shrugs* Yeah, I've seen their threat models. Yeah, sure, not what we're defending against.
I only vaguely recall that discussion, but IIRC IMO the threat models were fine and you were wrong. But we need s/constant time/timing-safe/
Realistically & under relevant threat models, we can't have & don't need constant time; we need time & resource usage independent of secrets
Yeah, that's basically what I was arguing: constant time math is one of several ways to achieve secret-independent timing, and it's harder.
IIRC, you were arguing for spinning until worst case time, and that's secret-dependent resource usage, so it's susceptible to side-channels
Spin, keep adding and multiplying, whatever. I don't actually see code as a path to TEMPEST security. You need to know your attacker's data.
Time and exposed computational power can be survived. RF side channels, electrical side channels, fundamentally unbound and insecurable.
Even constant time math is useless against a sufficiently intrusive electrical probe.
It sounds like you see two attack classes: remote (timing-only) and physical. But there are other cases, like unprivileged bad software.
I have a whole taxonomy around this. A lot of reduced privilege environments are at best, best effort.