I don't agree this is a feature.
An Javascript implementation of a command line tool is a terrible idea performance wise. There is good reasons jq is written in C.
It sounds like her use case is badly suited for raw binary transmission due to the high possibility of data loss, much like the internet used to be when base64 was originally introduced.
You seem to be confusing encoding (base64 for example), and encryption (AES for example).
Where a side channel attack studying the decryption speed/power use can reveal information, the encoding of said encrypted data can not as far as I ever heard about. (It will still be encrypted after base64 decoding has taken place).
Please correct me if I'm wrong.
EDIT: I see you updated your original message with different wording, please ignore this rant.
You seem to be confusing encoding (base64 for example), and encryption (AES for example).
I don't.
Where a side channel attack studying the decryption speed/power use can reveal information, the encoding of said encrypted data can not as far as I ever heard about. (It will still be encrypted after base64 decoding has taken place).
Encoding/decoding a value to/from base64 depends on the value, and many implementations use a lookup table or branches. While the table is small, so it fits in CPU cache thus making timing differences harder to detect, it's important for code dealing with secret values to avoid any timing differences by using simple branchless instructions that we know are constant-time on CPUs.
Unless you’re doing something out of the ordinary, secrets and plaintext aren’t base64 encoded. A variably-timed encoder/decoder will leaks bits of the ciphertext, which the attacker presumably already has.
Most web servers on the Internet store unwrapped base64-encoded secret keys.
Most SSH hosts store their secret keys encoded in base64 (/etc/ssh/).
Then, there's JWK which supports unwrapped secret keys.
Basically, you can't guarantee that the whole world is only encoding encrypted keys. That's why it's a good software engineering practice to prevent possible attacks by using constant-time encoder/decoder. As you can see from the link in posted, BoringSSL implements one.
Finally, the context of this thread is encoding and decoding of secret data, so I'm not sure why you had to post your opinion stating that it never happens. 1) It happens in real world. 2) I mentioned a solution for the case when it happens.
It is not, but if like it was the case for rowhammer, it was linked to a specific instruction (clflush).
This time it could be an AVX512 instruction (intel only) that leaks kernel address in a way or another.
I was talking from an ISA perspective.
For eg, clflush may be implemented differently between Intel and AMD, it has the same effect on system RAM hence a shared exploit.
> It is not, but if like it was the case for rowhammer, it was linked to a specific instruction (clflush).
No, rowhammer does not need clflush. All rowhammer needs is to be able to write to the same physical memory locations repeatedly. Normally the cache would get in the way, so the attacker needs to bypass it. Flushing the cache (clflush) is one way, but there are others; AFAIK, it has been demonstrated rowhammer from within a Javascript VM, which has no access to clflush.
Yes, I knew you could do rowhammer on arm too where clflush does not exit. So rowhammer is not the correct example.
Yet at some point it was believed that it was necessary on x86 for the attack to work. https://en.wikipedia.org/wiki/Row_hammer#Exploits
I just made a bet that I could guess something out of ISA only.
Going macro to describe what may be the issue. I'm just doing a guess work here.
I was not implying Intel has the same implementation as AMD, nor I was making a case for "this is like rowhammer"
That is http://www.thevintagenews.com/2017/09/10/the-hoba-meteorite-...