On Tue, 10 Mar 2015 20:33, maricelgregorasc...@yahoo.com said:

> I admit I haven't looked at the AES-NI instruction set, but I've read
> that it could be easy for the CPU to reconstruct the key from a
Possible. It is also easy to detect the instructions used for software-based AES key scheduling and leak the key from that knowledge. I'd pick AES-NI for its better performance and SCA resistance.

RDRAND for random numbers is a different story. No sane crypto tool should solely rely on this instruction.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

Gnupg-users mailing list, Gnupg-users@gnupg.org, http://lists.gnupg.org/mailman/listinfo/gnupg-users
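As an added illustration of the point above about not relying solely on RDRAND (example code written for this page, not from GnuPG or from the thread): the buffer is filled from the OS CSPRNG first and RDRAND output is only XORed in as a supplement, so a broken or untrusted RDRAND cannot weaken the result. It assumes a readable /dev/urandom; the function names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fill buf from /dev/urandom and, where the CPU offers RDRAND, XOR the
 * hardware output into it. XOR of two independent streams is no weaker than
 * the stronger of the two, so a faulty RDRAND cannot degrade the OS bytes,
 * while a good one still adds to them. Returns the number of sources that
 * contributed (1 = OS only, 2 = OS + RDRAND) or -1 on error. */

#if defined(__x86_64__) || defined(__i386__)
/* Inline asm so no special compiler flag is needed; the carry flag tells
 * whether RDRAND actually produced a value (it may transiently fail). */
static int rdrand_step(uint32_t *out) {
    unsigned char ok;
    __asm__ volatile("rdrand %0; setc %1" : "=r"(*out), "=qm"(ok));
    return ok;
}
static int cpu_has_rdrand(void) {
    uint32_t eax = 1, ebx, ecx, edx;
    __asm__ volatile("cpuid" : "+a"(eax), "=b"(ebx), "=c"(ecx), "=d"(edx));
    return (ecx >> 30) & 1;            /* CPUID.1:ECX bit 30 = RDRAND */
}
#else
/* Non-x86 build (constructed fallback): no hardware RNG instruction here. */
static int rdrand_step(uint32_t *out) { (void)out; return 0; }
static int cpu_has_rdrand(void) { return 0; }
#endif

int fill_random_mixed(uint8_t *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    if (got != len) return -1;
    if (!cpu_has_rdrand()) return 1;   /* OS source only */
    for (size_t i = 0; i < len; i += 4) {
        uint32_t r;
        int tries = 10;                /* Intel's guidance: retry a few times */
        while (tries-- && !rdrand_step(&r)) ;
        if (tries < 0) return 1;       /* hardware gave nothing: keep OS bytes */
        uint8_t rb[4];
        memcpy(rb, &r, 4);
        for (size_t j = 0; j < 4 && i + j < len; j++) buf[i + j] ^= rb[j];
    }
    return 2;
}
```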