cryptocoding icon indicating copy to clipboard operation
cryptocoding copied to clipboard

Published 20 hours ago verified publisher icon veorq

Metadata

Guidelines for low-level cryptography software

Results 7 cryptocoding issues
Sort by recently updated
recently updated
newest added

Compare secret strings in constant time

1 comment

I have a (1)suggestion and a (2)question about the "Compare secret strings in constant time". (1) I guess the Cryptocoding resource is supposed to be an introduction beside giving expertise....

AndreasBriese avatar AndreasBriese

Use strong randomness: *NIX randomness issues

# getentropy(2) on OpenBSD Your text suggests using [getentropy(2)](https://man.openbsd.org/getentropy.2) on OpenBSD: > On OpenBSD, use getentropy(), which has a similar behavior and predates Linux' syscall. getentropy(2) is meant to be...

xorhash avatar xorhash

Bad solution for "use strong randomness"

LibreSSL's `getentropy_urandom()` calls `gotdata()` which checks if the data is not all zeros. If you are calling this for short random integers, then all zeros is a very possible random...

Sc00bz avatar Sc00bz

Maybe note that RDRAND may happen to be buggy

Like with older AMDs: https://www.dvhardware.net/article70868.html > the chip starts returning non-random data (when random data is expected) via the RdRand instruction following a suspend/resume cycle.

dgpv avatar dgpv

structure/organize the randomness section

veorq avatar veorq

add entry about randomness/nonce reuse

veorq avatar veorq

add entry about secure sampling

e.g. about naive modulo vs rejection sampling "Pick random objects really randomly"?

veorq avatar veorq

Metadata

1.0k
Stars
91
Forks
Watchers

Owner

verified publisher icon veorq

Metadata

Guidelines for low-level cryptography software

Back