Constant time base64

[DemiMarie]

This is needed to avoid a timing leak when reading and writing PEM encoded structures.

[briansmith]

I agree, but the problems can be avoided much more simply by not using base64 at all. ring intentionally doesn't support any base64 functionality as of now. OTOH it wouldn't be hard to add constant-time base64 to ring using its internal constant-time primitives, but it might be problematic to export enough of the private constant-time primitives so that others can implement base64 themselves on top of ring, so I'd at least review a PR that adds this.

[DemiMarie]

I agree that using base64 for secrets is a bad idea. On the other hand, a lot of formats require it.

My current thought is to start with a simple implementation, then perhaps later add optimized implementations that use SIMD instructions. I suspect that SIMD should be a big win.

On Jul 19, 2017 10:18 PM, "Brian Smith" notifications@github.com wrote:

I agree, but the problems can be avoided much more simply by not using base64 at all. ring intentionally doesn't support any base64 functionality as of now. OTOH it wouldn't be hard to add constant-time base64 to ring using its internal constant-time primitives, but it might be problematic to export enough of the private constant-time primitives so that others can implement base64 themselves on top of ring, so I'd at least review a PR that adds this.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/briansmith/ring/issues/559#issuecomment-316576955, or mute the thread https://github.com/notifications/unsubscribe-auth/AGGWBxCu0PmuUUd_ogroMASRQNq7Df2Pks5sPrj7gaJpZM4OdeQL .

[briansmith]

I don't think there's any need for a SIMD implementation for secrets, as secrets are small.