|
|
|
|
|
|
by tinus_hn
3561 days ago
|
|
|
Base64 is an implementation detail so it is kind of strange to see it mentioned here. It also obfuscates things so you often see it used in insecure solutions. That is why the use of base64 makes this look suspect even though on close inspection the ideas are probably valid. |
|
|
It's about an implementation of RFC 4648 encoding (including base64, base32, etc.) that doesn't index based on secret data.
Consequently, if a practical cache-timing exploit is ever demonstrated in existing implementations of encoding functions, the open source library we wrote will be immune.