libOctavo / octavo

Highly modular & configurable hash & crypto library
http://liboctavo.github.io/octavo
MIT License
141 stars, 19 forks

Constant Time Story #43

Open gereeter opened 8 years ago

gereeter commented 8 years ago

Currently Octavo seems to pay very little attention to resisting side-channel attacks (see e.g. the use of data-dependent array indices in blowfish and the use of noncryptographic big integers in RSA). While this isn't critical for some cryptographic settings, many applications (e.g. TLS) can easily be broken by timing attacks. Octavo should probably decide what its plan is.
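The two leak classes named above (a secret-indexed table lookup, and a big-integer routine whose running time depends on the operand) are both fixed by the same idea: make the sequence of memory accesses and instructions independent of the secret. The following is an added example, not Octavo's code; it uses a constructed 256-entry table (`toy_sbox`, not Blowfish's real S-box) to show a leaky lookup beside a constant-time one, plus the constant-time equality check a TLS-style MAC compare needs.

```rust
// Added example (not part of the Octavo project): secret-independent
// table lookup and comparison, the kind of change this issue asks for.

/// Constructed 256-entry table for illustration only (not the real Blowfish S-box).
fn toy_sbox() -> [u32; 256] {
    let mut t = [0u32; 256];
    let mut x: u32 = 0x9E37_79B9;
    for e in t.iter_mut() {
        x = x.wrapping_mul(1_664_525).wrapping_add(1_013_904_223);
        *e = x;
    }
    t
}

/// Leaky lookup: the address read depends on the secret byte `idx`,
/// so a cache-timing observer can learn which entry was touched.
fn lookup_leaky(sbox: &[u32; 256], idx: u8) -> u32 {
    sbox[idx as usize]
}

/// Constant-time lookup: read every entry and select with an arithmetic mask,
/// so the access pattern is the same for every `idx`.
fn lookup_ct(sbox: &[u32; 256], idx: u8) -> u32 {
    let mut out = 0u32;
    for (i, &entry) in sbox.iter().enumerate() {
        // diff is zero iff i == idx; both operands fit in 8 bits, so diff < 256.
        let diff = (i as u32) ^ (idx as u32);
        // diff - 1 wraps to 0xFFFF_FFFF only when diff == 0; its top bit,
        // negated, gives an all-ones mask exactly for the wanted entry.
        let mask = (diff.wrapping_sub(1) >> 31).wrapping_neg();
        out |= entry & mask;
    }
    out
}

/// Constant-time equality on equal-length byte strings (e.g. a MAC tag):
/// every byte is folded into `acc` before the result is decided, so the
/// running time does not reveal the position of the first mismatch.
/// The length itself is treated as public.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut acc = 0u8;
    for (x, y) in a.iter().zip(b.iter()) {
        acc |= x ^ y;
    }
    acc == 0
}

fn main() {
    let s = toy_sbox();
    let secret_idx: u8 = 0x5A; // stands in for a key-derived byte
    println!("leaky  = {:#010x}", lookup_leaky(&s, secret_idx));
    println!("ct     = {:#010x}", lookup_ct(&s, secret_idx));
    println!("ct_eq  = {}", ct_eq(b"tag-bytes", b"tag-bytes"));
}
```

The mask trick only helps if the compiler does not turn the `&`-select back into a branch or skip the loop early; in a real library you would check the emitted assembly (or use a crate built for this purpose) rather than trust source-level intent. For RSA the same principle applies to the big-integer code: modular exponentiation must not branch on, or index by, key bits.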

hauleth commented 8 years ago

For now I am focusing on implementing stuff without too much concern about speed or implementation failures (like side-channel attacks). But I rank it high, as it should be the first thing to be concerned about when I finish implementing most of the stuff. There will probably be more crates, like ct, bn and others, whose main task will be to resolve the issues you have pointed out.