Hacker News new | ask | show | jobs
by CiPHPerCoder 3075 days ago
Side-channel attacks against base64 encoding have yet to be proven, but constant-time implementations are available just in case.

My contribution is here: https://github.com/paragonie/constant_time_encoding
1 comments
nickpsecurity 3075 days ago
I'll add a high-assurance implementation from Galois to that which is probably not constant time. Their blog and Github has quite a few useful tools.

https://galois.com/blog/2013/09/high-assurance-base64/

Also, anyone wanting constant time implementation might just run a verified implementation through something like FaCT or Jasmin:

https://cseweb.ucsd.edu/~dstefan/pubs/cauligi:2017:fact.pdf

https://acmccs.github.io/papers/p1807-almeidaA.pdf

link