Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

On Sat, March 9, 2013 5:25 pm, Tony Arcieri wrote: > On Sat, Mar 9, 2013 at 4:16 PM, Jeffrey Walton wrote: > > > The Web Cryptography Working Group looks well organized, provides a > > very good roadmap, and offers good documentation. > > http://www.w3.org/2012/webcrypto/. > > > I have a blog po

Re: [cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

On Sat, Mar 9, 2013 at 4:16 PM, Jeffrey Walton wrote: > The Web Cryptography Working Group looks well organized, provides a > very good roadmap, and offers good documentation. > http://www.w3.org/2012/webcrypto/. I have a blog post about it forthcoming, but I'd like to share the tl;dr version h

[cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

Hi All, For those interested, it appears Javascript is getting cryptography. The Web Cryptography Working Group looks well organized, provides a very good roadmap, and offers good documentation. http://www.w3.org/2012/webcrypto/. There is a list of use cases at http://www.w3.org/TR/WebCryptoAPI/#

Re: [cryptography] side channel analysis on phones

Ian, Hopefully some more food for thought. However, given that neither Android development nor side-channels is where my expertise lies, I can't guarantee that such "food" won't cause undue illness. ;-) On Sat, Mar 9, 2013 at 5:06 AM, ianG wrote: >> On Mar 8, 2013 5:46 AM, "Ethan Heilman" >

Re: [cryptography] side channel analysis on phones

Dear Ian, > Has anyone done any side channel analysis on phones? > On the constructive side you might want to check out NaCl for ARM (best with NEON), e.g. http://cryptojedi.org/crypto/#neoncrypto which avoids all software side channel attacks. Not sure how you would avoid cache attacks i

Re: [cryptography] side channel analysis on phones

> -Original Message- > From: cryptography [mailto:cryptography-boun...@randombit.net] On Behalf > Of ianG > Sent: Saturday, March 09, 2013 05:07 > To: cryptography@randombit.net > Subject: Re: [cryptography] side channel analysis on phones > > > Sure. RSA signing is the algorithm. The s

Re: [cryptography] side channel analysis on phones

ianG wrote: [...], I'm expecting there to be no special hardware access via Android/Java. [...] normally the developer has no control over which phone the product will be used on. There isn't a lot of point in developing for some special hardware features. Yet there is one such point: s

Re: [cryptography] side channel analysis on phones

Responding to two at once: On 8/03/13 16:58 PM, Derek Miller wrote: Since he's writing an Android client side app, TrustZone is probably not available to him. Also, the latest ARM chips are still ARMv7. We wont see any ARMv8 chips until at least next year. So the AES acceleration instructions a