On Sat, Mar 26, 2016 at 9:38 PM, Stanislav Malyshev <smalys...@gmail.com> wrote:
> Hi!
>
> > PHP already offers bin2hex()/hex2bin() and base64_encode()/base64_decode().
> > This covers part, but not all, of RFC 4648.
> >
> > I'd like to extend the coverage to include, at minimum, Base32.
>
> What's the use case for it? Is anybody using base32 now?
>
> > I'd also like to make these functions to be written to resist cache-timing
> > attacks (i.e. when used to encode/decode encryption keys for long-term
> > storage). Userland PoC: https://github.com/paragonie/constant_time_encoding
> > These modifications can either be made in-place (at a negligible cost on the
> > scale of nanoseconds) or they can be an alternative implementation. i.e.
>
> What modification needs to be done for existing one? Since encoding
> functions (unlike comparison ones) have to process every bit anyway, so
> what are timing differences for e.g. base64? Is there any existing
> research for this?
>
> >
> > * bin2hex_ts()
> > * base64_encode_ts()
> > * base32_encode_ts()
>
> If you have encode functions, you should have decode too? Otherwise,
> you'd have the same issue every time the key is read.
>
> --
> Stas Malyshev
> smalys...@gmail.com

Google Authenticator and Tor Hidden Services both use base32.

I was also going to cover the decoding functions in the RFC.

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com/>
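To illustrate the question raised in the thread about where timing differences in an encoder come from, here is an added example (not code from this thread, from php-src, or from the linked library) of an RFC 4648 Base32 encoder in C that maps each 5-bit value to its character with arithmetic instead of an alphabet-table lookup indexed by key bits. The names `b32_char` and `base32_encode_ct` are hypothetical; the only branches depend on the input length, which is assumed to be public.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Map a 5-bit value to its RFC 4648 Base32 character with no lookup table
 * and no data-dependent branch: 0..25 -> 'A'..'Z', 26..31 -> '2'..'7'. */
static char b32_char(uint32_t v)
{
    /* (25 - v) wraps below zero only when v > 25, so the shift yields an
     * all-ones mask over the low bits; it selects -41 ('2' - 'A' - 26). */
    uint32_t adjust = ((25u - v) >> 8) & (uint32_t)-41;
    return (char)((0x41u + v + adjust) & 0xffu);
}

/* Encode len bytes of src into dst, '=' padded and NUL-terminated.
 * dst must hold ((len + 4) / 5) * 8 + 1 bytes.
 * Returns the number of characters written, excluding the NUL. */
size_t base32_encode_ct(const unsigned char *src, size_t len, char *dst)
{
    size_t out = 0;
    for (size_t i = 0; i < len; i += 5) {
        size_t n = len - i < 5 ? len - i : 5;    /* depends on length only */
        unsigned char blk[5] = {0};
        memcpy(blk, src + i, n);
        uint64_t bits = 0;
        for (int k = 0; k < 5; k++)
            bits = (bits << 8) | blk[k];         /* 40-bit group, zero filled */
        size_t chars = (n * 8 + 4) / 5;          /* 1->2, 2->4, 3->5, 4->7, 5->8 */
        for (size_t k = 0; k < 8; k++) {
            uint32_t v = (uint32_t)(bits >> (35 - 5 * k)) & 31u;
            dst[out++] = k < chars ? b32_char(v) : '=';
        }
    }
    dst[out] = '\0';
    return out;
}
```

A conventional encoder would instead read `alphabet[v]`, where the memory address touched depends on the bits of the key being encoded; that lookup is the cache-timing signal the proposal aims to remove.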