Open bastien-roucaries opened 7 years ago
I wonder how much safety this would actually provide given the interpreted/JITed nature of Javascript?
This is not obvious, but it might be worth exploration.
Keep open as debt or close? Someone can always open a PR if necessary.
For anyone trying to look at this later, the problem in `redPow` that Debian noted is the `bit === 0 && current === 0` stuff, as it performs differential treatment of different bits, skipping through consecutive zeros and allowing some classic DH timing stuff to happen. The rest looks mostly fine: `mul` is linear to input size; `add`/`sub` is trying to be clever but not too much.
It should be possible to just add a flag to disable the check. Someone will have to bench it and see if there is any difference though.
Could you please implement this kind of mult: https://github.com/libressl-portable/openbsd/blob/57dcd4329d83bff3dd67a293d5c4a53b795c587e/src/lib/libcrypto/bn/bn_exp.c#L641-L646
It will be useful for https://github.com/crypto-browserify/diffie-hellman/issues/22
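Added example, not code from bn.js, LibreSSL or anyone in this thread. It puts the two schedules discussed above side by side: a sliding-window exponentiation with the `bit === 0 && current === 0` fast path that skips runs of zero bits, and a fixed-window exponentiation in the style of the linked LibreSSL routine, where the exponent is treated as a fixed number of bits, every window does the same squarings and one multiplication, and the table entry is picked by masking over every entry rather than by an index-dependent lookup. Execution time is modelled as a count of squarings and multiplications; the window size, the 2^255 - 19 modulus, the base and the two exponents are constructed for the demonstration. JavaScript gives no constant-time guarantee (the interpreter/JIT point raised above still stands), so what the example shows is only that the operation schedule stops depending on where the exponent's 1-bits are.

```javascript
// Added example, not code from bn.js or LibreSSL. Two modular exponentiation
// schedules over BigInt, instrumented with an operation counter that stands in
// for execution time. Window size, modulus and base values are constructed.

function makeCounter() {
  return { sqr: 0, mul: 0 };
}

// Table of base^k mod m for k in [0, 2^w), the wnd-style precomputation.
function powerTable(base, mod, windowSize) {
  const table = new Array(1 << windowSize);
  table[0] = 1n;
  for (let k = 1; k < table.length; k++) table[k] = (table[k - 1] * base) % mod;
  return table;
}

// Sliding-window left-to-right exponentiation with the zero-skip fast path:
// while the window is empty and the current bit is 0, only a squaring happens.
// Multiplications therefore land wherever the exponent's 1-bits are, so their
// count (and timing) depends on the exponent, not just on its length.
function modPowSlidingWindow(base, exp, mod, windowSize, ops) {
  const table = powerTable(base % mod, mod, windowSize);
  const bits = exp.toString(2);
  let res = 1n;
  let current = 0;
  let currentLen = 0;
  for (let i = 0; i < bits.length; i++) {
    const bit = bits.charCodeAt(i) - 48;
    res = (res * res) % mod;
    ops.sqr++;
    if (bit === 0 && current === 0) { // the fast path discussed in the thread
      currentLen = 0;
      continue;
    }
    current = (current << 1) | bit;
    currentLen++;
    if (currentLen !== windowSize && i !== bits.length - 1) continue;
    res = (res * table[current]) % mod;
    ops.mul++;
    current = 0;
    currentLen = 0;
  }
  return res;
}

// Fixed-window exponentiation: the exponent is treated as exactly expBits bits
// (caller supplies this, e.g. the modulus size), every window does windowSize
// squarings and one multiplication (by table[0] = 1 for an all-zero window),
// and the table entry is selected by touching every entry and masking, in the
// spirit of the linked LibreSSL code, instead of an index-dependent lookup.
function modPowFixedWindow(base, exp, mod, windowSize, expBits, ops) {
  if (exp < 0n || exp >> BigInt(expBits) !== 0n) {
    throw new RangeError('exponent does not fit in expBits');
  }
  const table = powerTable(base % mod, mod, windowSize);
  const windowMask = BigInt((1 << windowSize) - 1);
  const nWindows = Math.ceil(expBits / windowSize);
  let res = 1n;
  for (let c = nWindows - 1; c >= 0; c--) {
    for (let s = 0; s < windowSize; s++) {
      res = (res * res) % mod;
      ops.sqr++;
    }
    const chunk = Number((exp >> BigInt(c * windowSize)) & windowMask);
    let selected = 0n;
    for (let k = 0; k < table.length; k++) {
      const mask = -BigInt(k === chunk); // -1n for the wanted index, else 0n
      selected |= table[k] & mask;
    }
    res = (res * selected) % mod;
    ops.mul++;
  }
  return res;
}

// Run both schedules on a sparse and a dense 256-bit exponent and report the
// operation counts: the sliding-window counts differ, the fixed-window counts do not.
function compareSchedules() {
  const mod = (1n << 255n) - 19n;        // constructed modulus (2^255 - 19)
  const base = 0x1234567890abcdefn;      // constructed base
  const windowSize = 4;
  const exponents = {
    sparse: (1n << 255n) | 1n,           // two 1-bits, a long run of zeros
    dense: (1n << 256n) - 1n,            // all 256 bits set
  };
  const out = {};
  for (const [name, e] of Object.entries(exponents)) {
    const sliding = makeCounter();
    const fixed = makeCounter();
    const r1 = modPowSlidingWindow(base, e, mod, windowSize, sliding);
    const r2 = modPowFixedWindow(base, e, mod, windowSize, 256, fixed);
    out[name] = { agree: r1 === r2, sliding, fixed };
  }
  return out;
}

console.log(JSON.stringify(compareSchedules()));
```

With a 4-bit window the sparse exponent costs the sliding-window version 256 squarings and 2 multiplications while the dense one costs 256 and 64; the fixed-window version does 256 and 64 for both. Benching this against bn.js's own `redPow`, as suggested above, is what would settle whether the extra multiplications are affordable.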