home.social
Sign in Create account

#constant-time — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #constant-time, aggregated by home.social.

fetched live
  1. SpaceLifeForm @[email protected] ·

    Security is hard.

    The TL;DR is: Do not lose possesion of your private key.

    Addendum: This is from a year ago to be clear. But, there are many people that have older Yubikeys that Can Not be fixed.

    ninjalab.io/eucleak/

    The attack requires physical access to the secure element (few local electromagnetic side-channel acquisitions, i.e. few minutes, are enough) in order to extract the ECDSA secret key. In the case of the FIDO protocol, this allows to create a clone of the FIDO device.

    All YubiKey 5 Series (with firmware version below 5.7) are impacted by the attack and in fact all Infineon security microcontrollers (including TPMs) that run the Infineon cryptographic library (as far as we know, any existing version) are vulnerable to the attack.

    yubico.com/support/security-ad

    #2FA #SideChannel #ConstantTime

    #2fa #sidechannel #constanttime
  2. SpaceLifeForm @[email protected] ·

    While this is a low threat, it could have been defended against at basically no cost.

    hXXps://research.kudelskisecurity.com/2017/01/16/when-constant-time-source-may-not-save-you/

    arstechnica.com/security/2024/

    #CryptoGraphy #ConstantTime

    #cryptography #constanttime
  3. Nicola Tuveri @[email protected] ·

    RT @[email protected]

    We share with you the first implementation of the SIDH-PoK from De Feo-Dobson-Galbraith-Zobernig. Additionally, we implement a signature scheme based on that PoK. #ConstantTime #CLanguage #Isogenies
    Joint work with @[email protected] and #LucasPandolfoPerin twitter.com/IACR_News/status/1

    🐦🔗: twitter.com/Jebus_dguez/status

    #lucaspandolfoperin #isogenies #clanguage #constanttime