[Cryptech Tech] Happier RSA timing numbers

Rob Austein sra at hactrn.net
Sat May 19 16:40:16 UTC 2018


On Fri, 18 May 2018 12:05:39 -0400, Rob Austein wrote:
...
> I seem to recall having tried bumping the number of AES cores
> without noticable effect, but would have to re-run the experiment if
> we wanted any real details.  In theory this could be caused by
> holding the lock for too wide a scope, so I'd want to check whether
> we're actually holding the keystore lock while unwrapping

Yes, we're still holding the lock while unwrapping.  In retrospect
this looks like a mistake, albeit one made for obvious reasons
(it kept the control flow dead simple, which is generally a good idea
when dealing with locks in an assembly language like C).  So that's
something we could try fixing, at which point maybe we'd get more
benefit from multiple AES cores.


More information about the Tech mailing list