[13704] in cryptography@c2.net mail archive
Re: Draft Edition of LibTomMath book
daemon@ATHENA.MIT.EDU (bear)
Wed Jun 25 23:36:52 2003
X-Original-To: cryptography@metzdowd.com
Date: Wed, 25 Jun 2003 16:35:18 -0700 (PDT)
From: bear <bear@sonic.net>
To: tom st denis <tomstdenis@yahoo.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <20030625165941.26707.qmail@web41112.mail.yahoo.com>

On Wed, 25 Jun 2003, tom st denis wrote:
>The Draft Edition of the LibTomMath book [book about how to implement
>bignum math] is freely available on my site at
>
>http://book.libtomcrypt.org
>
>Keep in mind it is a draft and has not been edited yet. However, if
>you ever wanted to learn how to implement efficient [portable too]
>bignum math routines you might want to give it a read.
>
>Enjoy,
>Tom

One thing that I've noticed for a long time is that there
are *VERY* few math libraries that don't leave whatever
numbers they're working with in memory when deallocating
(deallocating heap via free() or deallocating stack via
returning from a procedure call or deallocating swapspace
by getting paged back in off a disk).

And numbers that an application leaves lying around in
whatever working memory or media it's using, can be
discovered and exploited by other programs - frequently
by unauthorized ones.

Windowing systems have the same kind of leakage, but you
can avoid using windowing systems with a crypto program;
there's no need to put sensitive information like keys
or passwords on the screen ever. Admittedly, I'd like
to have a secure windowing system, but it seems unlikely.

But I think Math is indispensable to crypto, and there
ought to be a secure mathematics library.

Bear