[curves] pure-python Ed25519 library for review

Gregory Maxwell gmaxwell at gmail.com
Tue Apr 7 12:05:56 PDT 2015


On Tue, Apr 7, 2015 at 6:55 PM, Brian Warner <warner at lothar.com> wrote:
> Of course it's very much not constant-time, and a lot slower than a C
> implementation. But a pure-python library is, in practice, much easier
> to depend upon than one that requires a C compiler.

I applaud you for seeking public review; but doesn't your remark above
mean that many people will use it, because it's easy, even if their
actual (and perhaps not completely known to them) security
requirements demand that it not have timing sidechannels (or memory
leaks)?

(Especially that seems odd when also talking about SPAKE2, ... a
complex zero knowledge password based key agreement having a timing
leak that might even be visible on the network would be really
unfortunate.)

