Update README

pull/857/head
Jeffrey Walton 2019-06-15 06:20:49 -04:00
parent 03619c0800
commit 840bc65740
No known key found for this signature in database
GPG Key ID: B36AB348921B1838
1 changed files with 17 additions and 13 deletions


@ -205,21 +205,25 @@ library in your programs to help avoid unwanted redirections.
*** Side Channel Attacks *** *** Side Channel Attacks ***
Crypto++ attempts to resist side channel attacks using various remediations. We Crypto++ attempts to resist side channel attacks using various remediations.
believe the library is mostly hardened but the remdiations may be incomplete. The The remdiations are applied as a best effort but are probably incomplete. They
first line of defense uses hardware instructions when possible for block ciphers, are incomplete due to cpu speculation bugs like Spectre, Meltdown, Foreshadow.
hashes and other primitives. Hardware acceleration remediates many timing attacks. Intel generally refers to them as "Microarchitectural Data Sampling" (MDS).
The library also uses cache-aware algoirthms and access patterns to minimize leakage.
Some of the public key algorithms have branches and some of the branches depend on The library uses hardware instructions when possible for block ciphers, hashes
data that can be private or secret. The branching occurs in some field operations and other operations. The hardware acceleration remediates some timing
like exponentiation over integers and elliptic curves. The branching has been attacks. The library also uses cache-aware algoirthms and access patterns
minimized but not completely eliminated. to minimize leakage cache evictions.
Crypto++ does not enagage Specter remediations at this time. The GCC options for Some of the public key algorithms have branches and some of the branches depend
Specter are -mfunction-return=thunk and -mindirect-branch=thunk, and the library on data that can be private or secret. The branching occurs in some field
uses them during testing. If you want the Specter workarounds then add the GCC operations like exponentiation over integers and elliptic curves. The branching
options to your CXXFLAGS when building the library. has been minimized but not completely eliminated.
Crypto++ does not enagage Specter remediations at this time. The GCC options
for Specter are -mfunction-return=thunk and -mindirect-branch=thunk, and the
library uses them during testing. If you want the Specter workarounds then add
the GCC options to your CXXFLAGS when building the library.
If you suspect or find an information leak then please report it. If you suspect or find an information leak then please report it.
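Review bot: the new sentence 'Intel generally refers to them as "Microarchitectural Data Sampling" (MDS)' overstates the term. MDS is Intel's name for one specific family of speculative-execution issues, not an umbrella for Spectre, Meltdown and Foreshadow (Intel's name for Foreshadow is L1 Terminal Fault), so either drop that sentence or reword it to something like "Intel refers to some of these as ...". The replacement also carries several typos into the new wording that are worth fixing while the paragraph is being touched: "remdiations" and "algoirthms", "enagage", and "Specter" (four occurrences) versus "Spectre" used one paragraph earlier; "to minimize leakage cache evictions" reads as two phrases run together, presumably "to minimize cache evictions and leakage". Finally, -mfunction-return=thunk and -mindirect-branch=thunk are x86-only GCC options, so a short note that they do not apply to other targets or to Clang would save readers on ARM or other toolchains some confusion.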