Re: [PATCH 1/3] crypto: authenc - add TLS type encryption

From: Cristian Stoica
Date: Wed Mar 09 2016 - 03:18:25 EST

Next message: Shawn Lin: "[PATCH 0/3] Some fixes for slave-dma stuff for spi-rockchip"
Previous message: Jisheng Zhang: "Re: [PATCH net 1/3] net: mvneta: Fix spinlock usage"
In reply to: Tadeusz Struk: "Re: [PATCH 1/3] crypto: authenc - add TLS type encryption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Tadeusz,

>> SSL/TLS is prone to this implementation issue and many user-space libraries got this wrong. It would be good to see >>some numbers to back-up the claim of timing differences as not being an issue for this one.

>It is hard to get the implementation right when the protocol design is error prone.
>Later we should run some tests on it and see how relevant will this be for a remote timing attack.

Why later and who will do it?

If it's only a proof of concept, then it's a bad idea. You are practically advertising a use-it-but-cross-your-fingers implementation.
If you intend to submit another hardware driver which _is_ constant time, then it is even more a bad idea. The end-user doesn't know which driver is actually running and if it is resistant or not to timing attacks.

Cristian S.

Next message: Shawn Lin: "[PATCH 0/3] Some fixes for slave-dma stuff for spi-rockchip"
Previous message: Jisheng Zhang: "Re: [PATCH net 1/3] net: mvneta: Fix spinlock usage"
In reply to: Tadeusz Struk: "Re: [PATCH 1/3] crypto: authenc - add TLS type encryption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]