Re: fast or slow crypto?

Board: FB_security, posted 11 years ago (2014/06/28 19:32)
John-Mark Gurney wrote this message on Wed, Jun 25, 2014 at 18:22 -0700:
> Subj is more limited by your attack profile, than purely fast crypto..
> In some cases the crypto can be made reasonably fast while being
> secure against side channel analysis, but in other cases (GHASH) it's
> pretty much one (slow and secure) or the other (fast and insecure)...

So, one point I somewhat forget in this is that the version of software
AES in the kernel (that this new GHASH would go with) is vulnerable to
side-channel attacks... So, we are already in the fast and less secure
side of the equation..

There are lots of interesting optimizations that can be made, including a
version of AES that uses SSE registers, is constant time, and faster than
the Sbox lookup version...

-- 
John-Mark Gurney                              Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
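To make the GHASH trade-off in the quoted paragraph concrete, here is an added example (not code from this thread or from FreeBSD): the GF(2^128) multiply behind GHASH written once as the bit-serial, fully masked algorithm from SP 800-38D (the "slow and secure" side) and once with Shoup's 4-bit lookup tables (the "fast and less secure" side), where each nibble of the input selects a table entry, so which cache lines are touched depends on the data. The function names and layout are mine; the known-answer values are GCM spec test case 2 (zero key).

```c
#include <stdint.h>
/* GF(2^128) element in GCM bit order: hi is the block's first 8 bytes, so GCM "bit 0" (x^0) is hi's MSB. */
typedef struct { uint64_t hi, lo; } gf128;
static gf128 gxor(gf128 a, gf128 b) { return (gf128){a.hi ^ b.hi, a.lo ^ b.lo}; }
static int geq(gf128 a, gf128 b) { return a.hi == b.hi && a.lo == b.lo; }
static gf128 mul_x(gf128 v) {           /* v * x: shift right one bit and reduce, no branch */
    uint64_t r = (0 - (v.lo & 1)) & 0xE100000000000000ULL;  /* x^128 = x^7 + x^2 + x + 1 */
    return (gf128){(v.hi >> 1) ^ r, (v.lo >> 1) | (v.hi << 63)};
}

/* "Slow and secure": SP 800-38D Algorithm 1 with data-dependent choices masked, not branched. */
gf128 gf128_mul_ct(gf128 x, gf128 y) {
    gf128 z = {0, 0}, v = y;
    for (int i = 0; i < 128; i++) {
        uint64_t xi = i < 64 ? (x.hi >> (63 - i)) & 1 : (x.lo >> (127 - i)) & 1;
        uint64_t m = 0 - xi;            /* all-ones iff bit i of x is set */
        z = gxor(z, (gf128){v.hi & m, v.lo & m});
        v = mul_x(v);
    }
    return z;
}

/* "Fast and less secure": Shoup's 4-bit tables, T[n] = n(x) * h; nibble's top bit = x^0 coefficient. */
void gf128_init_4bit(gf128 T[16], gf128 h) {
    T[0] = (gf128){0, 0}; T[8] = h; T[4] = mul_x(T[8]); T[2] = mul_x(T[4]); T[1] = mul_x(T[2]);
    for (unsigned n = 3; n < 16; n++)   /* remaining entries as XORs of the powers of two */
        if (n & (n - 1)) T[n] = gxor(T[n & (n - 1)], T[n & (0u - n)]);
}

gf128 gf128_mul_4bit(const gf128 T[16], gf128 x) {
    /* reduction of the 4 bits shifted off the low end when z is multiplied by x^4 */
    static const uint16_t rem_4bit[16] = { 0x0000, 0x1C20, 0x3840, 0x2460, 0x7080, 0x6CA0,
        0x48C0, 0x54E0, 0xE100, 0xFD20, 0xD940, 0xC560, 0x9180, 0x8DA0, 0xA9C0, 0xB5E0 };
    gf128 z = {0, 0};
    for (int k = 31; k >= 0; k--) {     /* Horner over the 32 nibbles of x */
        uint64_t rem = z.lo & 0xf;
        z.lo = (z.lo >> 4) | (z.hi << 60); z.hi = (z.hi >> 4) ^ ((uint64_t)rem_4bit[rem] << 48);
        unsigned n = k < 16 ? (x.hi >> (60 - 4 * k)) & 0xf : (x.lo >> (124 - 4 * k)) & 0xf;
        z = gxor(z, T[n]);              /* table index is secret-dependent: the side channel */
    }
    return z;
}

int gf128_kat_ok(void) {                /* GCM spec test case 2 (zero key): X1 = C * H, both ways */
    gf128 h = {0x66e94bd4ef8a2c3bULL, 0x884cfa59ca342b2eULL}, T[16];
    gf128 c = {0x0388dace60b6a392ULL, 0xf328c2b971b2fe78ULL};
    gf128 want = {0x5e2ec74691706288ULL, 0x2c85b0685353deb7ULL};
    gf128_init_4bit(T, h);
    return geq(gf128_mul_ct(c, h), want) && geq(gf128_mul_4bit(T, c), want);
}
```

The masked version performs 128 identical steps per block regardless of input; the table version does 32 lookups, which is where its speed comes from and also why its memory access pattern is observable through the cache.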
Article ID (AID): #1JhgUofB (FB_security)