Re: [PATCH 1/3] crypto: authenc - add TLS type encryption

Hi Tadeusz,

>> SSL/TLS is prone to this implementation issue and many user-space libraries got this wrong. It would be good to see
>> some numbers to back up the claim of timing differences as not being an issue for this one.

>It is hard to get the implementation right when the protocol design is error prone.
>Later we should run some tests on it and see how relevant will this be for a remote timing attack.

Why later and who will do it?

If it's only a proof of concept, then it's a bad idea. You are practically advertising a use-it-but-cross-your-fingers implementation.
If you intend to submit another hardware driver which _is_ constant time, then it is even more of a bad idea. The end-user doesn't know which driver is actually running and whether it is resistant or not to timing attacks.

Cristian S.


