by duskwuff 1025 days ago
> If hardware acceleration is not available it should fall back to software not fail to build.

It's not always possible to make the same security guarantees for these implementations. Software implementations of AES are frequently vulnerable to cache timing attacks, for example (e.g. [1]); even simple operations like integer multiplication may not be constant-time on some architectures.

[1]: https://cr.yp.to/antiforgery/cachetiming-20050414.pdf


Bit sliced AES is about as good as you can do. ARX ciphers like ChaCha are theoretically better but it’s also not possible to be 100% certain of constant time on every conceivable architecture. And what if the architecture is being emulated? All bets are off then.

At some point this gets pedantic. Just not supporting anything but x64 and ARM64 means any project using ring or a dependency that uses ring can’t build elsewhere which turns ring into a land mine dependency.
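To make the cache-timing point in both comments concrete, here is an added example (not code from ring or from either commenter) of the AES S-box computed without a lookup table: the GF(2^8) inverse and the affine map are built from shifts, XOR and AND masks only, so there is no data-dependent memory access and no integer multiply. The known-answer values come from FIPS-197; the caveat from the thread still applies, since the compiler or an emulator can undo this at a lower level.

```rust
// Branchless multiply in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1 (0x11b).
// Every iteration does the same work regardless of the operands; selection is
// done with all-ones/all-zeros masks rather than `if`, and no table is read.
fn gf_mul(a: u8, b: u8) -> u8 {
    let (mut a, mut b, mut p) = (a, b, 0u8);
    for _ in 0..8 {
        let take = (b & 1).wrapping_neg();      // 0xff if low bit of b is set
        p ^= a & take;
        let carry = (a >> 7).wrapping_neg();     // 0xff if a would overflow
        a = (a << 1) ^ (0x1b & carry);           // reduce modulo 0x11b
        b >>= 1;
    }
    p
}

// Inverse as a^254 via a fixed square-and-multiply ladder (inv(0) = 0, as AES requires).
// The exponent bits are consumed with masks, so the schedule of operations is constant.
fn gf_inv(a: u8) -> u8 {
    let (mut result, mut base) = (1u8, a);
    for i in 0..8 {
        let bit = ((254u8 >> i) & 1).wrapping_neg();
        let candidate = gf_mul(result, base);
        result = (candidate & bit) | (result & !bit);
        base = gf_mul(base, base);
    }
    result
}

// AES SubBytes for one byte: inverse followed by the affine transform.
// A table-driven S-box would index a 256-byte array with secret data, which is
// exactly the access pattern a cache-timing attacker observes; this does not.
fn sbox_ct(x: u8) -> u8 {
    let b = gf_inv(x);
    b ^ b.rotate_left(1) ^ b.rotate_left(2) ^ b.rotate_left(3) ^ b.rotate_left(4) ^ 0x63
}

// Known-answer check against values published in FIPS-197.
fn known_answers_ok() -> bool {
    [(0x00u8, 0x63u8), (0x01, 0x7c), (0x02, 0x77), (0x53, 0xed)]
        .iter()
        .all(|&(x, s)| sbox_ct(x) == s)
}

fn main() {
    println!("S-box known-answer test passed: {}", known_answers_ok());
}
```

Constant time at the source level is necessary but not sufficient: inspect the emitted assembly (or run a tool such as a timing-leak checker) on each target, which is the cost the comments above are describing.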