Tony Arcieri
> Barrett Reduction isn't constant-time, so that was eliminated. While an implementation of a Barrett Reduction won't *necessarily* be constant-time, it's certainly *possible* to implement a Barrett Reduction in constant-time,...
> How can one defend against compiler optimizations messing up the constant-time characteristics of the algorithm? I'm hesitant to leave recommendations in the lint that could lead to someone implementing...
@daxpedda can you rebase this? I tried to resolve the conflicts unsuccessfully
@Demindiro it does look unrelated, yes
nit: BLAKE2 calls this a "personalization string" which I think might be a bit more clear vs "custom"
IMO it'd be clearer, but I'm curious what @newpavlov thinks
I guess BLAKE3 calls it a "context string", and also has some additional stipulations about how it should be used (i.e. hardcoded at compile time)
@sylvainpelissier sorry for the belated reply! I think it'd be good if you could also open a PR to https://github.com/RustCrypto/hashes which impls these traits, so we can see if e.g....
I've changed my mind on the name "personalization", especially since it's used by BLAKE2 but not BLAKE3. I know I didn't like "custom" before, but "customization" seems ok? It also...
Can you still open a PR so we can see the error in context? It's hard to tell what's wrong without code.