On Tue, 2022-11-22 at 17:13 +0100, Fabio Valentini wrote: > - rust-curve25519-dalek Asymmetric cryptography in pure rust should not be used, there is still no support in the language for constant time operations, which means there is a fat chance these implementations are susceptible to trivial timing attacks. The only caveat is if the "pure rust" implementation actually embeds assembly optimization for modular arithmetic that are explicitly addressing constant time computation. I am not aware of that being the case in any rust libraries yet. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
