more warnings for multiplication timings

author Loup Vaillant <loup@loup-vaillant.fr>

Sun, 12 Nov 2017 16:27:28 +0000 (17:27 +0100)

committer Loup Vaillant <loup@loup-vaillant.fr>

Sun, 12 Nov 2017 16:27:46 +0000 (17:27 +0100)
author Loup Vaillant <loup@loup-vaillant.fr>
Sun, 12 Nov 2017 16:27:28 +0000 (17:27 +0100)
committer Loup Vaillant <loup@loup-vaillant.fr>
Sun, 12 Nov 2017 16:27:46 +0000 (17:27 +0100)
diff --git a/doc/man/man3/intro.3monocypher b/doc/man/man3/intro.3monocypher

index 0a3b3897f919fdbf557211c06d549fac76b3999a..86661243de8ca4dc92ad65d7bd96e281b3290ab5 100644 (file)
--- a/doc/man/man3/intro.3monocypher
+++ b/doc/man/man3/intro.3monocypher
@@ -174,6 +174,8 @@ destroy all security.
  .Pp
  The Poly1305 authenticator, X25519, and EdDSA use multiplication.
  Some older processors do not multiply in constant time.
+If the target platform is something other than x86, x86_64, ARM or
+ARM64, double check how it handles multiplication.
  .Pp
  .Sy The lengths of the inputs are not secret.
  Timings do reveal them \(en So do network traffic and file sizes.
author	Loup Vaillant <loup@loup-vaillant.fr>
	Sun, 12 Nov 2017 16:27:28 +0000 (17:27 +0100)
committer	Loup Vaillant <loup@loup-vaillant.fr>
	Sun, 12 Nov 2017 16:27:46 +0000 (17:27 +0100)