Guidelines for Mitigating Timing Side Channels Against Cryptographic Implementations
"The CMOVcc instruction runs in time independent of its arguments in all current x86 architecture processors. This includes variants that load from memory. The load is performed before the condition is tested. Future versions of the architecture may introduce new addressing modes that do not exhibit this property."
intel  crypto  doom 
3 days ago
Automatic tool for the verification of side-channel countermeasures
july 2019
Secure or Compliant, Pick One
"I’m on record as stating that FIPS 140-2 validated software is necessarily less secure than its equivalent unvalidated implementation, all other things being equal."

From the person who ran the OpenSSL FIPS validations. Good link to send people who think FIPS is a good idea.
june 2019
may 2019
Systematizing SoK
Systematizing Systematization of Knowledge
papers  research  security 
april 2019
YOLOv3: An Incremental Improvement
But maybe a better question is: “What are we going to do with these detectors now that we have them?” A lot of the people doing this research are at Google and Facebook. I guess at least we know the technology is in good hands and definitely won’t be used to harvest your personal information and sell it to.... wait, you’re saying that’s exactly what it will be used for?? Oh.
Well the other people heavily funding vision research are the military and they’ve never done anything horrible like killing lots of people with new technology oh wait.....[1]
[1] The author is funded by the Office of Naval Research and Google.
march 2019
« earlier      
advice aes agriculture ai algorithm altivec analysis apache api architecture arm art article assembler awesome beer bitcoin blog book books boost brewing business c c++ c++11 cache capabilities cell code compiler compilers computers concurrency cpu crypto cuda culture database datastructures dc debugging design distributed diy django documentation e ecc economics economy education electronics energy essay fiction filesystem filter finance food framework functional funny games gardening gcc gcm gentoo google government graphics grimmeathookfuture gtd hardware hashfunction haskell history hosting howto humor ietf intel internet interview java javascript json jvm kernel language lattices law learning library lifehacks linux lisp mail management manual maps math mceliece memory messaging military money monotone music network networking news nist nyc ocaml opensource operatingsystem optimization organization p2p pairings pake paper papers parallel parser parsing patterns paulgraham paxos people performance perl philosophy photo photography physics pir policestate politics powerpc pqcrypto privacy productivity programming protocol psychology python reference reviews rfc rng rsa ruby rust scala scheme science search security server sgx shopping sidechannel simd singularity society software sql standard statistics storage sysadmin systems tahoe technology testing theory threads tls tool toolbox tools toreview tpm travel tutorial unix usa vermont versioncontrol via:graydon video visualization web web2.0 windows work writing x11 x509 x86

Copy this bookmark: