On Wed, 25 Jun 2003, tom st denis wrote:
>The Draft Edition of the LibTomMath book [book about how to implement
>bignum math] is freely available on my site at
>
>http://book.libtomcrypt.org
>
>Keep in mind it is a draft and has not been edited yet. However, if
>you ever wanted to learn how to implement efficient [portable too]
>bignum math routines you might want to give it a read.
>
>Enjoy,
>Tom

One thing that I've noticed for a long time is that there are *VERY* few math libraries that don't leave whatever numbers they're working with in memory when deallocating (deallocating heap via free() or deallocating stack via returning from a procedure call or deallocating swapspace by getting paged back in off a disk). And numbers that an application leaves lying around in whatever working memory or media it's using, can be discovered and exploited by other programs - frequently by unauthorized ones.

Windowing systems have the same kind of leakage, but you can avoid using windowing systems with a crypto program; there's no need to put sensitive information like keys or passwords on the screen ever. Admittedly, I'd like to have a secure windowing system, but it seems unlikely.

But I think Math is indispensable to crypto, and there ought to be a secure mathematics library.

Bear

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
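
The heap case raised in the message above, as an added example that is not part of the original post and is not LibTomMath code: a bignum container that wipes its digits before every free(), including when it grows. The `bn_t` type and all function names are hypothetical; stack copies and swapped-out pages are not covered.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical minimal bignum: 'alloc' digits allocated, 'used' in use. */
typedef struct { uint32_t *dp; size_t used, alloc; } bn_t;

/* Zero through a volatile pointer so the compiler cannot discard the
   stores as dead writes just before free() or return. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

int bn_init(bn_t *a, size_t digits) {
    a->dp = calloc(digits, sizeof *a->dp);
    if (a->dp == NULL) return -1;
    a->used = 0; a->alloc = digits;
    return 0;
}

/* Grow without realloc(): realloc may move the block and leave the old
   copy of the digits behind in freed heap memory. */
int bn_grow(bn_t *a, size_t digits) {
    if (digits <= a->alloc) return 0;
    uint32_t *n = calloc(digits, sizeof *n);
    if (n == NULL) return -1;
    memcpy(n, a->dp, a->used * sizeof *n);
    secure_wipe(a->dp, a->alloc * sizeof *a->dp);
    free(a->dp);
    a->dp = n; a->alloc = digits;
    return 0;
}

/* Wipe the whole allocation, not just 'used' digits: earlier, larger
   values may still sit in the slack space. */
void bn_wipe(bn_t *a) {
    secure_wipe(a->dp, a->alloc * sizeof *a->dp);
    a->used = 0;
}

void bn_free(bn_t *a) {
    if (a->dp == NULL) return;
    bn_wipe(a);
    free(a->dp);
    a->dp = NULL; a->alloc = 0;
}

int main(void) {
    bn_t k;
    if (bn_init(&k, 4) != 0) return 1;
    k.dp[0] = 0xdeadbeefu; k.used = 1;  /* constructed "secret" digit */
    int rc = bn_grow(&k, 8);
    bn_free(&k);
    return rc != 0;
}
```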