Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote: > > +config CRYPTO_AES_REDUCED_TABLES > + bool "Use reduced AES table set" > + depends on CRYPTO_AES && HAVE_EFFICIENT_UNALIGNED_ACCESS > + default y > + help > + Use a set of AES lookup tables that is only half the size, but > + uses unaligned accesses to fetch the data. Given that the D-cache > + pressure of table based AES induces timing variances that can > + sometimes be exploited to infer key bits when the plaintext is > + known, this should typically be left enabled. I don't think this option should exist at all, and certainly not as a user-visible option. Thanks, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
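Review bot: The prompt string on the 'bool "Use reduced AES table set"' line makes this a user-visible choice, yet the entry is "default y" and the help text ends with "this should typically be left enabled", so the help gives no case in which a user would want to turn it off. Consider dropping the prompt so the symbol follows purely from "depends on CRYPTO_AES && HAVE_EFFICIENT_UNALIGNED_ACCESS", or, if the prompt stays, have the help text say what is given up for the half-size tables (the cost of the unaligned fetches) so the trade-off is documented. The help text should also make clear that the smaller tables reduce D-cache pressure but the cipher still does key-dependent table lookups, so the option narrows the timing variance it describes rather than removing it.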