On Sat, March 9, 2013 5:25 pm, Tony Arcieri wrote:
> On Sat, Mar 9, 2013 at 4:16 PM, Jeffrey Walton wrote:
>
> > The Web Cryptography Working Group looks well organized, provides a
> > very good roadmap, and offers good documentation.
> > http://www.w3.org/2012/webcrypto/.
>
>
> I have a blog po
On Sat, Mar 9, 2013 at 4:16 PM, Jeffrey Walton wrote:
> The Web Cryptography Working Group looks well organized, provides a
> very good roadmap, and offers good documentation.
> http://www.w3.org/2012/webcrypto/.
I have a blog post about it forthcoming, but I'd like to share the tl;dr
version h
Hi All,
For those interested, it appears Javascript is getting cryptography.
The Web Cryptography Working Group looks well organized, provides a
very good roadmap, and offers good documentation.
http://www.w3.org/2012/webcrypto/.
There is a list of use cases at
http://www.w3.org/TR/WebCryptoAPI/#
Ian,
Hopefully some more food for thought. However, given that neither
Android development
nor side-channels is where my expertise lies, I can't guarantee that such "food"
won't cause undue illness. ;-)
On Sat, Mar 9, 2013 at 5:06 AM, ianG wrote:
>> On Mar 8, 2013 5:46 AM, "Ethan Heilman" >
Dear Ian,
> Has anyone done any side channel analysis on phones?
>
On the constructive side you might want to check out NaCl for ARM (best
with NEON), e.g.
http://cryptojedi.org/crypto/#neoncrypto
which avoids all software side channel attacks. Not sure how you would
avoid cache attacks i
> -Original Message-
> From: cryptography [mailto:cryptography-boun...@randombit.net] On Behalf
> Of ianG
> Sent: Saturday, March 09, 2013 05:07
> To: cryptography@randombit.net
> Subject: Re: [cryptography] side channel analysis on phones
>
>
> Sure. RSA signing is the algorithm. The s
ianG wrote:
[...], I'm expecting
there to be no special hardware access via Android/Java.
[...] normally the developer has no control over which phone the
product will be used on. There isn't a lot of point in developing for
some special hardware features.
Yet there is one such point: s
Responding to two at once:
On 8/03/13 16:58 PM, Derek Miller wrote:
Since he's writing an Android client side app, TrustZone is probably not
available to him.
Also, the latest ARM chips are still ARMv7. We wont see any ARMv8 chips
until at least next year. So the AES acceleration instructions a