Tony Arcieri
The foundation of `ConditionallySelectable` is bitwise masking of values + XOR, using the input `Choice` to generate a conditional mask, such that the mask erases one of the two values...
The `num-bigint`(-dig) crate(s) implement operations in a non-constant-time manner. Notably they include a [`normalize`](https://github.com/rust-num/num-bigint/blob/367481903a56a89eee2bffa5a27f8b9c75bfd40f/src/biguint.rs#L848-L859) function which strips trailing zeros, which is called all over the place. The `crypto-bigint` crate has...
Currently `rfc6979` bundles a tiny, slow, byte-oriented bignum library: https://github.com/RustCrypto/signatures/blob/master/rfc6979/src/ct.rs Several of the interfaces described in RFC6979 describe an "int" type, perhaps most notably the `bits2int` function (which is partially...
The `ChaCha20Legacy` construction, i.e. the djb variant, is supposed to use a 64-bit counter but currently uses a 32-bit counter because it shares its core implementation with the IETF construction...
The previous parallel implementation of Argon2 was removed in #247. There were soundness concerns about how it handled mutable aliasing, namely that it's unsound for mutable aliases to exist even...
Currently the `Encryptor` and `Decryptor` accept an explicit nonce, which is 64-bit or 56-bit when used with IETF AEADs that use 96-bit nonces. This is too small to safely expose...
Though an incremental/"streaming" decryption API is unsafe as by design it must disclose unauthenticated plaintext candidates (which can allow an attacker to perpetrate CCAs), incremental *encryption* is both possible and...
Note: continuation of #970 We recently replaced `generic-array` with `hybrid-array`, which hopefully improves overall ergonomics, but ideally we wouldn't need `typenum` at all and could express all of our constraints...
Taking a step back from https://github.com/RustCrypto/traits/pull/354, I thought it'd be good to look at how and where ILP and SIMD parallelism is currently used across the project as a whole, and...
There are a couple issues related to this (#19, #51), but no specific discussion issue for it, so I thought I'd open one. `crypto-bigint` v0.6.0-pre.0 now includes more fully featured...