Bigints: update cryptography usage. (mdn#20272)

* Bigints: update cryptography usage. See mdn#18494 * Update files/en-us/web/javascript/reference/global_objects/bigint/index.md Co-authored-by: Joshua Chen <sidachen2003@gmail.com>
goshdarnheck · Sep 7, 2022 · 093d649 · 093d649
1 parent af25049
commit 093d649
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/files/en-us/web/javascript/reference/global_objects/bigint/index.md b/files/en-us/web/javascript/reference/global_objects/bigint/index.md
@@ -229,7 +229,7 @@ Because coercing between Number values and BigInt values can lead to loss of pre
 
 ### Cryptography
 
-The operations supported on BigInt values are not constant-time, and are thus open to [timing attacks](https://en.wikipedia.org/wiki/Timing_attack). JavaScript BigInts are therefore not well-suited for use in cryptography.
+The operations supported on BigInt values are not constant-time and are thus open to [timing attacks](https://en.wikipedia.org/wiki/Timing_attack). JavaScript BigInts therefore could be dangerous for use in cryptography without mitigating factors. As a very generic example, an attacker could measure the time difference between `101n ** 65537n` and `17n ** 9999n`, and deduce the magnitude of secrets, such as private keys, based on the time elapsed. If you still have to use BigInts, take a look at the [Timing attack FAQ](https://timing.attacks.cr.yp.to/programming.html) for general advice regarding the issue.
 
 ### Use within JSON