Computer systems can unintentionally leak bits of secret information through observable variations in their behavior such as runtime or power consumption. These so-called "side-channels" can be harmful for the security of cryptographic systems where just a few bytes of leaked key material may compromise loads of sensitive data.
In this talk, we will explore how we mitigate typical side-channels in the open-source cryptography toolkit "Botan" and why this has increasingly become a game of cat and mouse against modern compiler optimizations. We will also present how established open-source tools such as valgrind can help find subtle side-channels in a semi-automatic way.