|
|
|
|
|
|
by cipherboy
780 days ago
|
|
|
Which reference AES implementation? My memory is that the one from the spec has terrible timing side channel attacks... e.g. https://www.redhat.com/en/blog/its-all-question-time-aes-tim... seems to corroborate my memory. I seem to recall this was remotely exploitable, and exploiting timing side channels has only gotten better since 2014. |
|
|
But the only versions mentioned in [1] that should compile out of the box into Wasm, are the ones that say they use "the Rijndaal reference implementation."
I don't think compiling OpenSSL into Wasm is tenable. But some wrappers around the Go AES implementation should work.
[1] https://www.sqlite.org/see/doc/release/www/readme.wiki