DIT, for 'Data-Independent Timing', is a bit you can set in the processor state on sufficiently new Arm CPUs, which promises that a long list of instructions will deliberately avoid varying their timing based on the input register values. Just what you want for keeping your constant-time crypto primitives constant-time.
In version 0.82 and before, PuTTY did not set the DIT flag. So in principle a CPU was free to optimise in a data-dependent way. However, I'm not yet aware of any CPU implementing the Arm architecture which does perform any data-dependent optimisations. So this was a lack of futureproofing, but unless we hear otherwise, not an actual side-channel leak.
The Unix builds of PuTTY now attempt to turn on DIT in the PuTTY process state, if the operating system tells it the feature is available.
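As an added illustration (not PuTTY's own code), this is the shape of the Unix-side check the paragraph describes on Linux/aarch64: ask the kernel through the AT_HWCAP auxiliary vector whether FEAT_DIT is present, set PSTATE.DIT through the encoded name of its system register, and read it back to confirm. The HWCAP_DIT bit and the S3_3_C4_C2_5 encoding are taken from the Linux uapi headers and the Arm architecture reference; on any other platform the functions simply report the feature as unavailable.

```c
/* Added example: query and enable Arm DIT on Linux/aarch64; a no-op elsewhere. */
#include <stdbool.h>
#include <stdio.h>
#if defined(__aarch64__) && defined(__linux__)
#include <sys/auxv.h>   /* getauxval(), AT_HWCAP */
#include <asm/hwcap.h>  /* HWCAP_DIT */
#ifndef HWCAP_DIT
#define HWCAP_DIT (1UL << 24)   /* value from the kernel's uapi asm/hwcap.h */
#endif
#define ARM_DIT_SUPPORTED_BUILD 1
#else
#define ARM_DIT_SUPPORTED_BUILD 0
#endif
typedef enum { DIT_UNSUPPORTED, DIT_SET, DIT_FAILED } dit_result;

/* Does the kernel report FEAT_DIT in the auxiliary vector? Check this first:
 * MRS/MSR on the DIT register traps (SIGILL) on CPUs that lack the feature. */
bool dit_available(void) {
#if ARM_DIT_SUPPORTED_BUILD
    return (getauxval(AT_HWCAP) & HWCAP_DIT) != 0;
#else
    return false;
#endif
}

/* Read PSTATE.DIT (bit 24) via the encoded name of the DIT system register. */
bool dit_is_set(void) {
#if ARM_DIT_SUPPORTED_BUILD
    unsigned long v;
    if (!dit_available()) return false;
    __asm__ volatile("mrs %0, S3_3_C4_C2_5" : "=r"(v));
    return (v >> 24) & 1;
#else
    return false;
#endif
}

/* Turn DIT on for the calling thread, then confirm by reading it back. */
dit_result dit_try_enable(void) {
    if (!dit_available()) return DIT_UNSUPPORTED;
#if ARM_DIT_SUPPORTED_BUILD
    unsigned long bit24 = 1UL << 24;   /* MSR DIT, Xt uses Xt<24> */
    __asm__ volatile("msr S3_3_C4_C2_5, %0" : : "r"(bit24));
#endif
    return dit_is_set() ? DIT_SET : DIT_FAILED;
}

int main(void) {
    static const char *names[] = { "unsupported", "set", "failed" };
    printf("DIT: %s\n", names[dit_try_enable()]);
    return 0;
}
```

The bit lives in per-thread processor state, so the call belongs early in each thread that will run the constant-time primitives, and the read-back is what turns "we asked for DIT" into "DIT is actually on".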
The Windows on Arm versions of PuTTY still do not, because Windows has no API call to query whether the necessary machine instruction is supported. I [SGT] have heard it rumoured that Windows might unconditionally turn on DIT anyway, in which case this doesn't matter, but at present I have no confirmation of that. Further information welcome, if anyone has any!