Tony Arcieri

Results: 2557 comments by Tony Arcieri

> Because now users can't just use an in-place API and be portable over all implementations. ...but you want to offer a trait specifically for implementations which *don't* offer an...

Adding `inout` support to the detached modes sounds like a good idea to me

The following are tracking issues for releases of important dependencies of the crates tracked in this issue:

- [ ] `block-buffer` v0.11, `block-padding` v0.4, `inout` v0.2: https://github.com/RustCrypto/utils/issues/1070
- [x] `hybrid-array`...

#1677 suggests merging `async-signature` into `signature`, which would eliminate the need for another `async-signature` release

We can probably start releasing some of the crates that are lower in the dependency hierarchy soon

Derived `Eq` on `SigningKey` would introduce a timing sidechannel

It doesn't currently impl `PartialEq`, but regardless, the derived implementation will use a data-dependent short-circuiting check, rather than one that always performs the comparison in constant-time

Oh, I guess it does derive `PartialEq` (not sure how I missed that before). I guess that will be less of an issue when #906 lands and it switches to...

Only `x` is secret, the other components are part of the public key

Yep, `crypto_bigint::Uint` compares in constant-time internally, even when using the `PartialEq` API