
I would be careful with statements like this, largely because the question of what 'bug free' means is real.

Do you mean that the crypto algorithms work as advertised? e.g. would DES after public knowledge of differential cryptanalysis be okay?

Do you mean that you have implemented algorithms exactly as specified?

Do you mean that you have implemented algorithms exactly as specified that are also constant time so that they resist timing attacks?

Do you mean that you have implemented algorithms exactly as specified that are not vulnerable to cache eviction attacks on shared hardware?

Do you mean that you have implemented algorithms exactly as specified that resist bit-flip attacks or SDR attacks, or audio attacks, or other Van Eck style listening?

I'm actually not trying to be down on your work. It's hard work, and the world needs more people who actually do it. I'm just saying it is VERY hard to feel confident, and as someone who has a passing interest in this kind of security, I worry when I read statements like the one you made.
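The distinction drawn above between "implemented exactly as specified" and "also constant time" is easiest to see in the code itself. The following is an added example, not code from either commenter: an early-exit tag comparison beside its constant-time counterpart, plus a branch-free select that avoids secret-indexed memory access (the pattern that also matters for cache-timing on shared hardware). All sample data is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Early-exit comparison: the loop stops at the first mismatch, so the
 * time taken grows with the number of leading bytes that match a secret
 * tag. Shown only as the pattern a timing attack exploits. */
int compare_variable_time(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i])
            return 0;
    return 1;
}

/* Constant-time comparison: every byte is visited regardless of input,
 * differences are OR-ed into one accumulator, and the 0/1 result is
 * derived arithmetically instead of through a secret-dependent branch. */
int compare_constant_time(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint32_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint32_t)(a[i] ^ b[i]);
    /* diff == 0 iff equal; (diff - 1) >> 8 has bit 0 set only when diff == 0 */
    return (int)(((diff - 1) >> 8) & 1);
}

/* Branch-free select: returns x when bit is 1, y when bit is 0. The mask
 * replaces both a branch and a secret-indexed table lookup, which is what
 * keeps cache access patterns independent of the secret. */
uint32_t select_constant_time(uint32_t bit, uint32_t x, uint32_t y)
{
    uint32_t mask = (uint32_t)0 - (bit & 1u);   /* 0x00000000 or 0xFFFFFFFF */
    return (x & mask) | (y & ~mask);
}

/* Constructed sample data for a stand-alone run (not real tags). */
int main(void)
{
    static const uint8_t expected[8]  = {1, 2, 3, 4, 5, 6, 7, 8};
    static const uint8_t candidate[8] = {1, 2, 3, 4, 5, 6, 7, 9};
    return compare_constant_time(expected, candidate, 8) == 0
        && compare_constant_time(expected, expected, 8) == 1
        && select_constant_time(1, 0xAAAAu, 0x5555u) == 0xAAAAu ? 0 : 1;
}
```

Note that the constant-time property only holds if the compiler does not reintroduce a branch; in production code the accumulator is usually kept in a volatile or otherwise opaque form and the emitted assembly is checked.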




Exactly as specified, and immune to timing attacks including cache eviction. I make no claim about other side channels, or the strength of the primitives themselves — though I did pick strong primitives.


:)



