AES-NI, symmetric key generation
Werner Koch
wk at gnupg.org
Tue Mar 10 22:13:34 CET 2015
On Tue, 10 Mar 2015 20:33, maricelgregoraschko at yahoo.com said:
> I admit I haven't looked at the AES-NI instruction set, but I've read
> that it could be easy for the CPU to reconstruct the key from a
Possible. It is also easy to detect the instructions used for software-based
AES key scheduling and leak the key from that knowledge. I'd pick
AES-NI for its better performance and SCA resistance.
RDRAND for random numbers is a different story. No sane crypto tool
should solely rely on this instruction.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
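Added example (not code from the post, from Werner, or from GnuPG): one defensive way to follow the advice above, combining a hardware RNG with an independent OS source through an HMAC extract-then-expand step, so the seed stays unpredictable as long as at least one source is. The `hardware_rng_stub` is a constructed stand-in for an RDRAND call and is deliberately stuck at zero to model a failed or untrusted instruction.

```python
import hashlib
import hmac
import os
from typing import Callable, Sequence

# Constructed stand-in for a hardware RNG such as RDRAND. A real call would go
# through a compiler intrinsic or inline asm; here it is a plain callable so a
# misbehaving source can be substituted. This one is stuck at all-zero bytes.
def hardware_rng_stub(nbytes: int) -> bytes:
    return b"\x00" * nbytes


def combine_entropy(sources: Sequence[bytes], out_len: int = 32,
                    info: bytes = b"seed") -> bytes:
    """HMAC-SHA-256 extract-then-expand over every input source.

    Each source is length-prefixed before extraction so two inputs cannot be
    re-split into a different pair with the same concatenation. The result is
    unpredictable whenever at least one source is unpredictable, so a stuck
    or backdoored hardware source cannot weaken an independent good one.
    """
    material = b"".join(len(s).to_bytes(4, "big") + s for s in sources)
    # Extract: fixed salt (a constant label assumed for this example).
    prk = hmac.new(b"entropy-combiner-v1", material, hashlib.sha256).digest()
    # Expand: HKDF-style feedback chain T(i) = HMAC(prk, T(i-1) || info || i).
    out, block, counter = b"", b"", 1
    while len(out) < out_len:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:out_len]


def generate_seed(hw: Callable[[int], bytes] = hardware_rng_stub,
                  os_random: Callable[[int], bytes] = os.urandom,
                  nbytes: int = 32) -> bytes:
    """Seed derived from both the hardware source and the OS pool."""
    return combine_entropy([hw(nbytes), os_random(nbytes)], nbytes)


if __name__ == "__main__":
    # Even with the hardware source stuck, the seed still varies per call
    # because os.urandom contributes.
    print(generate_seed().hex())
    print(generate_seed().hex())
```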
More information about the Gnupg-users mailing list