[13712] in cryptography@c2.net mail archive
Re: Draft Edition of LibTomMath book
daemon@ATHENA.MIT.EDU (Werner Koch)
Fri Jun 27 11:00:30 2003
X-Original-To: cryptography@metzdowd.com
To: pgut001@cs.auckland.ac.nz (Peter Gutmann)
Cc: bear@sonic.net, tomstdenis@yahoo.com, cryptography@metzdowd.com
From: Werner Koch <wk@gnupg.org>
Date: Fri, 27 Jun 2003 15:24:06 +0200
In-Reply-To: <200306270202.h5R22UX15333@medusa01.cs.auckland.ac.nz> (Peter
Gutmann's message of "Fri, 27 Jun 2003 14:02:30 +1200")
On Fri, 27 Jun 2003 14:02:30 +1200, Peter Gutmann said:
> the GMP source code to know what it does (GMP is a special case, being a
> general bignum library but with an implicit acknowledgement that it's going to
> end up used for crypto as well, although there are some missing primitives
Does the proprietary SSH still use GMP? I know no other major crypto
apps using GMP for big number math. A problem with GMP is that it
heavily uses alloca() and thus it is not that hard to find traces of
secrets in the core.
Shalom-Salam,
Werner
--
Werner Koch <wk@gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org
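The concern raised in the message above, as an added example that is not part of the original post and is not GMP code: scratch memory released alloca-style keeps its contents, so a memory image taken afterwards still holds the key unless the region is wiped first. The arena (a constructed stand-in for the stack region), the helper names and the sample key are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the stack region alloca() carves from. */
static uint32_t arena[128];
static size_t top; /* index of the next free limb */

static uint32_t *scratch_alloc(size_t limbs) { uint32_t *p = arena + top; top += limbs; return p; }
/* alloca-style release: like a function return, the contents stay in place. */
static void scratch_release(size_t mark) { top = mark; }

/* Hardened release: wipe via a volatile pointer so the stores are not elided. */
static void scratch_release_wiped(size_t mark) {
    volatile uint32_t *p = arena;
    for (size_t i = mark; i < top; i++) p[i] = 0;
    top = mark;
}

/* Toy bignum step: copy secret limbs to scratch, fold with a public value. */
static uint32_t mul_fold(const uint32_t *secret, size_t limbs, uint32_t pub, int wipe) {
    size_t mark = top;
    uint32_t *tmp = scratch_alloc(limbs), acc = 0;
    memcpy(tmp, secret, limbs * sizeof *tmp);
    for (size_t i = 0; i < limbs; i++) acc ^= tmp[i] * pub;
    if (wipe) scratch_release_wiped(mark); else scratch_release(mark);
    return acc;
}

/* What a reader of a core file does: search the image for key bytes. */
static int arena_contains(const void *needle, size_t n) {
    const unsigned char *img = (const unsigned char *)arena;
    for (size_t i = 0; i + n <= sizeof arena; i++)
        if (memcmp(img + i, needle, n) == 0) return 1;
    return 0;
}

/* Constructed sample secret, not a real key. */
static const uint32_t SAMPLE_KEY[4] = {0xdeadbeefu, 0x0badc0deu, 0xfeedfaceu, 0x8badf00du};

/* Returns 1 if the key is still findable in the arena after the computation. */
int residue_after(int wipe) {
    memset(arena, 0, sizeof arena); top = 0;
    (void)mul_fold(SAMPLE_KEY, 4, 3u, wipe);
    return arena_contains(SAMPLE_KEY, sizeof SAMPLE_KEY);
}

int main(void) {
    printf("plain release: %d, wiped release: %d\n", residue_after(0), residue_after(1));
    return 0;
}
```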