Closed brycx closed 3 years ago
Very cool! Glad to see that even the encoding is constant-time now. Will this be added to the automated timing tests?
> Will this be added to the automated timing tests?
Good point! Yeah, this could be added to the dudect tests. They also need to be updated regardless, because the GH Actions workflow has stopped because of git-commit-inactivity in that repo. I think those should be running weekly. Adding it to the todos.
Fixed in #189 and constant-time execution tests included in https://github.com/brycx/orion-dudect/pull/6 (still pointing to master branch for Orion, but local tests pass)
The current encoding and decoding of a PasswordHash in orion::pwhash is not constant-time (also noted in the security section of the docs). It's been in the backlog to implement this, but it seems a viable crate has been released in the meantime: https://github.com/jedisct1/rust-ct-codecs

According to the README, the crate re-implements the encoding formats from libsodium/libhydrogen. It also defines #![forbid(unsafe_code)].

TODO:
- base64 crate should be switched out with the above
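
What "constant-time encoding" means for the Base64 step discussed in this issue, as an added example that is not Orion's or rust-ct-codecs' code: each 6-bit value is mapped to its character with masks instead of a table lookup or a branch on the data. All function names are hypothetical, and only encoding with the standard padded alphabet is covered.

```rust
// Added example: branch-free, table-free Base64 encoding (standard alphabet, padded).
// All function names are hypothetical; this is not Orion's or ct-codecs' code.

/// 0xFF if a < b, else 0x00. The 16-bit subtraction borrows into the high byte.
fn lt(a: u8, b: u8) -> u8 {
    ((a as u16).wrapping_sub(b as u16) >> 8) as u8
}

/// 0xFF if a == b, else 0x00.
fn eq(a: u8, b: u8) -> u8 {
    (((a ^ b) as u16).wrapping_sub(1) >> 8) as u8
}

/// Map a 6-bit value to its Base64 character without indexing a table by
/// secret data and without branching on it: every range is evaluated, and
/// masks select the one result that applies.
pub fn sextet_to_char(x: u8) -> u8 {
    (lt(x, 26) & x.wrapping_add(b'A'))
        | (!lt(x, 26) & lt(x, 52) & x.wrapping_add(b'a' - 26))
        | (!lt(x, 52) & lt(x, 62) & x.wrapping_add(b'0'.wrapping_sub(52)))
        | (eq(x, 62) & b'+')
        | (eq(x, 63) & b'/')
}

pub fn encode(input: &[u8]) -> String {
    let mut out = Vec::with_capacity((input.len() + 2) / 3 * 4);
    for chunk in input.chunks(3) {
        let b0 = chunk[0];
        let b1 = *chunk.get(1).unwrap_or(&0);
        let b2 = *chunk.get(2).unwrap_or(&0);
        let sextets = [
            b0 >> 2,
            ((b0 & 0x03) << 4) | (b1 >> 4),
            ((b1 & 0x0f) << 2) | (b2 >> 6),
            b2 & 0x3f,
        ];
        for (i, s) in sextets.iter().enumerate() {
            // Padding depends only on the input length, which is not secret.
            out.push(if i <= chunk.len() { sextet_to_char(*s) } else { b'=' });
        }
    }
    String::from_utf8(out).expect("output is ASCII")
}

fn main() {
    // Constructed sample input, not a real PasswordHash.
    println!("{}", encode(b"constructed sample bytes"));
}
```

Branch-free source does not guarantee that the compiled code is constant-time, which is why measuring the result with timing tests such as the dudect ones mentioned in this thread still matters.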