On Wed, May 19, 2021, at 01:58, David Benjamin wrote:
> constant-time should be a default baseline requirement for implementing any
> cryptographic primitive.
Or put more generally, ...
Avoiding side channels through value-independence should be a default baseline
requirement for handling any s
I don't know of any list, but everything that deals with secrets has some
constant-time portion. This applies to both long-lived and ephemeral
secrets, and includes clients and servers. How practical an attack is
depends on many factors, including the application itself, but I think we
have ample e
