Side-channel attacks against base64 encoding have yet to be proven, but constant... | Hacker News

Hacker Timesnew | past | comments | ask | show | jobs | submit

		CiPHPerCoder on Jan 17, 2018 \| parent \| context \| favorite \| on: Fast base64 encoding and decoding Side-channel attacks against base64 encoding have yet to be proven, but constant-time implementations are available just in case. My contribution is here: https://github.com/paragonie/constant_time_encoding

nickpsecurity on Jan 18, 2018 [–]

I'll add a high-assurance implementation from Galois to that which is probably not constant time. Their blog and Github has quite a few useful tools.

https://galois.com/blog/2013/09/high-assurance-base64/

Also, anyone wanting constant time implementation might just run a verified implementation through something like FaCT or Jasmin:

https://cseweb.ucsd.edu/~dstefan/pubs/cauligi:2017:fact.pdf

https://acmccs.github.io/papers/p1807-almeidaA.pdf

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact