On Tue, 2022-11-22 at 17:13 +0100, Fabio Valentini wrote:
> - rust-curve25519-dalek

Asymmetric cryptography in pure Rust should not be used; there is still no support in the language for constant time operations, which means there is a fat chance these implementations are susceptible to trivial timing attacks.

The only caveat is if the "pure Rust" implementation actually embeds assembly optimizations for modular arithmetic that are explicitly addressing constant time computation. I am not aware of that being the case in any Rust libraries yet.

Simo.

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
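
Added example, not part of the original message and not code from any of the packages discussed: a toy modular exponentiation in Rust showing the secret-dependent branch that timing attacks measure, next to a Montgomery ladder with a masked conditional swap. All function names and the 64-bit toy parameters are assumptions made for illustration.

```rust
// Added illustration: toy u64 arithmetic, not real cryptography.
// Function names are hypothetical and belong to no real crate.

/// Multiply modulo m through a u128 intermediate. The `%` here is itself not
/// guaranteed constant time; this example isolates the control flow only.
fn mul_mod(a: u64, b: u64, m: u64) -> u64 {
    ((a as u128 * b as u128) % m as u128) as u64
}

/// Variable time: square-and-multiply that branches on each secret exponent
/// bit. The second return value counts multiplications, which tracks the
/// Hamming weight of the exponent and therefore leaks through timing.
fn pow_mod_branching(base: u64, exp: u64, m: u64) -> (u64, u32) {
    let (mut acc, mut mults) = (1 % m, 0u32);
    for i in (0..64).rev() {
        acc = mul_mod(acc, acc, m);
        if (exp >> i) & 1 == 1 { // secret-dependent branch
            acc = mul_mod(acc, base, m);
            mults += 1;
        }
    }
    (acc, mults)
}

/// Swap a and b when bit == 1 using a mask instead of a branch. Nothing in
/// the language obliges the optimizer to keep this branch-free, so the
/// generated assembly still has to be inspected.
fn cswap(bit: u64, a: &mut u64, b: &mut u64) {
    let mask = 0u64.wrapping_sub(bit); // 0 or all ones
    let t = mask & (*a ^ *b);
    *a ^= t;
    *b ^= t;
}

/// Montgomery ladder: the same operation sequence for every exponent bit,
/// so the multiplication count is always 128 for a 64-bit exponent.
fn pow_mod_ladder(base: u64, exp: u64, m: u64) -> (u64, u32) {
    let (mut r0, mut r1, mut mults) = (1 % m, base % m, 0u32);
    for i in (0..64).rev() {
        let bit = (exp >> i) & 1;
        cswap(bit, &mut r0, &mut r1);
        r1 = mul_mod(r0, r1, m);
        r0 = mul_mod(r0, r0, m);
        cswap(bit, &mut r0, &mut r1);
        mults += 2;
    }
    (r0, mults)
}
```
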