undefined | Better HN

0 pointsduskwuff2y ago0 comments

> If hardware acceleration is not available it should fall back to software not fail to build.

It's not always possible to make the same security guarantees for these implementations. Software implementations of AES are frequently vulnerable to cache timing attacks, for example (e.g. [1]); even simple operations integer multiplication may not be constant-time on some architectures.

[1]: https://cr.yp.to/antiforgery/cachetiming-20050414.pdf

0 comments

api2y ago

Bit sliced AES is about as good as you can do. ARX ciphers like ChaCha are theoretically better but it’s also not possible to be 100% certain of constant time on every conceivable architecture. And what if the architecture is being emulated? All bets are off then.

At some point this gets pedantic. Just not supporting anything but x64 and ARM64 means any project using ring or a dependency that uses ring can’t build elsewhere which turns ring into a land mine dependency.

j / k navigate · click thread line to collapse

0 pointsduskwuff2y ago0 comments

> If hardware acceleration is not available it should fall back to software not fail to build.

[1]: https://cr.yp.to/antiforgery/cachetiming-20050414.pdf

0 comments

api2y ago

j / k navigate · click thread line to collapse