Comment by d-z-m
2 years ago
> And I'm wary to add caching at the library level and risk exposing a side channel.
You mean a cache-timing attack against adiantum?
2 years ago
> > And I'm wary to add caching at the library level and risk exposing a side channel.
> You mean a cache-timing attack against adiantum?
I mean, caching the KDF result at the library level, without leaking that (e.g.) two databases share a key (that's the first one that came to mind, and why I removed the feature, instead of plugging the hole just to find another one).
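The concern in the reply above, as an added illustration (not code from the project or from either commenter): a library-wide KDF cache keyed by the passphrase alone answers a cache hit for any second database opened with the same passphrase, so open latency reveals that two databases share a key; binding each entry to the database's own salt under a keyed hash removes that cross-database signal while keeping the speed-up for reopening the same database. The salt-free stretch stage, the class names and the sample salts are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed model of a library KDF: an expensive, salt-free passphrase
# stretch (assumed) followed by a cheap per-database step. The expensive
# stage is what makes a library-level cache tempting.
def stretch(passphrase: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase, b"lib-fixed-salt", 50_000)

def db_key(master: bytes, db_salt: bytes) -> bytes:
    return hmac.new(master, db_salt, "sha256").digest()

class SharedKdfCache:
    """Library-wide cache keyed by the raw passphrase. Opening database B
    after database A hits iff both use the same passphrase, so the time
    taken to open B leaks that the two databases share a key."""
    def __init__(self):
        self._store = {}

    def derive(self, passphrase: bytes, db_salt: bytes):
        hit = passphrase in self._store
        if not hit:
            self._store[passphrase] = stretch(passphrase)
        return db_key(self._store[passphrase], db_salt), hit

class ScopedKdfCache:
    """Cache entry bound to the database salt as well as the passphrase and
    stored under a keyed hash (no raw passphrases kept). A different database
    never hits, whatever passphrase it uses; reopening the same one still does."""
    def __init__(self):
        self._store = {}
        self._tag_key = os.urandom(32)  # per-process secret for the lookup tag

    def derive(self, passphrase: bytes, db_salt: bytes):
        tag = hmac.new(self._tag_key, db_salt + passphrase, "sha256").digest()
        hit = tag in self._store
        if not hit:
            self._store[tag] = db_key(stretch(passphrase), db_salt)
        return self._store[tag], hit

def cross_db_hit(cache_cls) -> bool:
    """Open A, then B with the same passphrase; True means B's open was a hit."""
    cache = cache_cls()
    cache.derive(b"shared-pass", b"salt-A")   # constructed sample salts
    _, hit = cache.derive(b"shared-pass", b"salt-B")
    return hit

def reopen_hit(cache_cls) -> bool:
    """Open the same database twice; True means the second open was a hit."""
    cache = cache_cls()
    cache.derive(b"shared-pass", b"salt-A")
    _, hit = cache.derive(b"shared-pass", b"salt-A")
    return hit
```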