On Tue, 2022-11-22 at 17:13 +0100, Fabio Valentini wrote:
> - rust-curve25519-dalek

Asymmetric cryptography in pure Rust should not be used; there is still
no support in the language for constant-time operations, which means
there is a fat chance these implementations are susceptible to trivial
timing attacks.

The only caveat is if the "pure Rust" implementation actually embeds
assembly optimizations for modular arithmetic that explicitly
address constant-time computation.

I am not aware of that being the case in any Rust libraries yet.

Simo.

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc

