This repository has been archived by the owner on Oct 10, 2019. It is now read-only.
Crypto and constant time #186
Comments
@martinthomson That sounds like a good idea. Probably we should have a note in the README, in the spec text, and in MDN documentation (cc @sarahgp ). Do you have a good, easy-to-understand reference to link to which explains the issue clearly?
This might depend on audience. For beginners this guide seems about right, and that's probably good for MDN.
Yeah, that article looks perfect. OK, would you be up for writing a PR against the README here to link to it, with an appropriate summary? We can edit MDN second, based on that text.
martinthomson added a commit to martinthomson/proposal-bigint that referenced this issue Dec 21, 2018
I will leave it to @littledan to work out how to get something like this in the spec. Closes tc39#186.
People are trying to create crypto libraries anyway (example). We need someone to write a good article about JS BigInt constant time pitfalls 😔
I see #45, which is good, but I don't think that it goes far enough.
I don't know what the general policy is regarding including statements about what particular tools are good for, but this really needs a caution against using this for crypto. I see a lot of enthusiasm for this motivated by a desire to write/polyfill cryptographic algorithms. Those people will have a bad time when they discover the consequences of exposing timing side channels.
Even just saying that none of the operations on BigInt are not required to be constant time would go a long way, though I would say that an explicit statement about crypto would be ideal.
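The timing side channel this issue warns about, shown as an added example that is not part of the original thread or the proposal's code: a textbook BigInt modular exponentiation does a different amount of work for two secret exponents of the same bit length. The names `modPow`, `workFor`, `timeFor` and all operand values are constructed for this illustration.

```javascript
// Added illustration, not code from the proposal or its README.
// modPow, workFor, timeFor and every operand value are constructed for this example.

// Textbook square-and-multiply, the shape a BigInt crypto polyfill tends to take.
// `stats` counts the arithmetic performed so the leak is visible without a timer.
function modPow(base, exp, mod, stats = { squares: 0, multiplies: 0 }) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) {                      // branch taken only for 1-bits of the secret
      result = (result * base) % mod;
      stats.multiplies++;
    }
    base = (base * base) % mod;
    stats.squares++;
    exp >>= 1n;                          // loop length follows the exponent's bit length
  }
  return result;
}

const MOD = (1n << 2048n) - 159n;        // constructed 2048-bit odd modulus (not a real key)
const SPARSE = 1n << 2047n;              // 2048-bit exponent with a single 1-bit
const DENSE = (1n << 2048n) - 1n;        // 2048-bit exponent with every bit set

// Count the BigInt operations one exponentiation performs for a given exponent.
function workFor(exp) {
  const stats = { squares: 0, multiplies: 0 };
  modPow(3n, exp, MOD, stats);
  return stats;
}

// Wall-clock time in milliseconds for `rounds` exponentiations with the same exponent.
function timeFor(exp, rounds = 20) {
  const t0 = performance.now();
  for (let i = 0; i < rounds; i++) modPow(3n, exp, MOD);
  return performance.now() - t0;
}

console.log('sparse', workFor(SPARSE), timeFor(SPARSE).toFixed(1), 'ms');
console.log('dense ', workFor(DENSE), timeFor(DENSE).toFixed(1), 'ms');
```

Removing the branch does not make this safe: as the issue states, the BigInt operations themselves carry no constant-time requirement, so the multiply and modulo steps can still vary with operand values.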