crypto: constant time AES and GCM #19413
Open
This is pretty much a dup of #16821 (initially titled: "crypto: non-constant time arithmetic"). gri wrote on that issue:
At the end it was decided to just update the documentation to make clear what is (or isn't) constant-time. Making everything constant-time on every system is probably a (very) long-term goal.
Yeah, the docs in 850e55b are sufficient for now. We can leave this open as a tracking bug, though.
Please answer these questions before submitting your issue. Thanks!
What version of Go are you using (go version)?
1.7.4
What operating system and processor architecture are you using (go env)?
What did you do?
Looked at the Go docs for crypto/aes
What did you expect to see?
That the AES implementation uses bitslicing to make it constant time.
What did you see instead?
That the AES-GCM implementation is not constant time and is vulnerable to timing attacks.