@funkylab it is funny you use the sentence about not needing to understand how things actually work because in how things actually work, the high-level language that preserves “constant-time”, as the property is called, doesn't exist, and while OpenSSL developers appear to have the energy to produce assembly versions for all the targets on which one wants to execute cryptographic primitives, many other developers do not. If you factor in the fact that the protocol that uses the crypto primitives must be implemented in “constant time” too, the whole is always at least partly written in a high-level language, and the language in question never understands constant time or secrets that mustn't be copied willy-nilly. This is how things actually work.
=> More informations about this toot | View the thread | More toots from void_friend@tech.lgbt
=> View funkylab@mastodon.social profile
text/geminiThis content has been proxied by September (ba2dc).