top | item 39964585

(no title)

mcspiff | 1 year ago

I’m not sure you can really categorize rust as a high level language, unless you’re stating crypto primitives should only be written in assembly.

EDIT: Given this attack was also applied to OpenSSL, amongst many others this high level language comment seems doubly odd/dubious

EDIT2: another rust TLS implementation was among only 3 that was initially verified to be not vulnerable as well..

discuss

karma_pharmer|1 year ago

unless you’re stating crypto primitives should only be written in assembly

Yes, that's exactly what I'm stating.

Have a look at openssl, boringssl, nspr, etc. They all implement the core modular arithmetic for RSA and the s-box table for AES using assembly language. There is no reliable way to prevent a C compiler from "optimizing" your constant-time code into non-constant-time code.

another rust TLS implementation

rustls uses assembler (from boringssl) for these routines. It is not 100% rust, and that's a good thing.

unknown|1 year ago

[deleted]