On Wed, 25 Jun 2003, tom st denis wrote:

>The Draft Edition of the LibTomMath book [book about how to implement
>bignum math] is freely available on my site at
>Keep in mind it is a draft and has not been edited yet.  However, if
>you ever wanted to learn how to implement efficient [portable too]
>bignum math routines you might want to give it a read.

One thing that I've noticed for a long time is that there
are *VERY* few math libraries that don't leave whatever
numbers they're working with in memory when deallocating
(deallocating heap via free() or deallocating stack via
returning from a procedure call or deallocating swapspace
by getting paged back in off a disk).

And numbers that an application leaves lying around in
whatever working memory or media it's using, can be
discovered and exploited by other programs - frequently
by unauthorized ones.

Windowing systems have the same kind of leakage, but you
can avoid using windowing systems with a crypto program;
there's no need to put sensitive information like keys
or passwords on the screen ever.  Admittedly, I'd like
to have a secure windowing system, but it seems unlikely.

But I think Math is indispensable to crypto, and there
ought to be a secure mathematics library.
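The scrubbing the poster asks for, as an added C example (not code from the original message, and not LibTomMath's own mp_int API): a minimal limb-array bignum type `bn_t`, invented here as a stand-in, whose release path zeroes the buffer through a volatile pointer before `free()`, whose arithmetic scrubs its stack-resident accumulator before returning, and whose allocator tries `mlock()` so the limbs do not get written to swap. The `mlock()` call is best-effort and POSIX-only; everything else is portable C99.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#if defined(__unix__) || defined(__APPLE__)
#include <sys/mman.h>
#define HAVE_MLOCK 1
#endif

typedef uint32_t limb_t;

/* Hypothetical minimal bignum, limbs least-significant first. It is a
 * stand-in to show where the scrubbing hooks go, not LibTomMath's mp_int. */
typedef struct {
    limb_t *dp;
    size_t  alloc;   /* limbs allocated */
    size_t  used;    /* limbs currently meaningful */
    int     locked;  /* 1 if mlock() succeeded (pages kept out of swap) */
} bn_t;

/* Zero memory through a volatile pointer so the compiler cannot treat the
 * stores as dead: a plain memset() right before free() or return is
 * routinely removed by the optimizer. */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

int bn_init(bn_t *a, size_t limbs)
{
    a->dp = calloc(limbs, sizeof(limb_t));
    if (!a->dp) return -1;
    a->alloc = limbs;
    a->used = 0;
    a->locked = 0;
#ifdef HAVE_MLOCK
    /* Best effort: RLIMIT_MEMLOCK may refuse. The buffer is still scrubbed
     * on release; it just may have touched swap in the meantime. */
    if (mlock(a->dp, limbs * sizeof(limb_t)) == 0) a->locked = 1;
#endif
    return 0;
}

int bn_set_limbs(bn_t *a, const limb_t *src, size_t n)
{
    if (n > a->alloc) return -1;
    memcpy(a->dp, src, n * sizeof(limb_t));
    a->used = n;
    return 0;
}

/* Wipe the limb buffer in place; the buffer stays allocated. */
void bn_wipe(bn_t *a)
{
    if (a->dp) secure_zero(a->dp, a->alloc * sizeof(limb_t));
    a->used = 0;
}

/* Wipe, unlock, then free: the block returns to the allocator holding zeros,
 * so a later caller of malloc() cannot read the old value out of it. */
void bn_clear(bn_t *a)
{
    if (!a->dp) return;
    bn_wipe(a);
#ifdef HAVE_MLOCK
    if (a->locked) munlock(a->dp, a->alloc * sizeof(limb_t));
#endif
    free(a->dp);
    a->dp = NULL;
    a->alloc = 0;
    a->locked = 0;
}

/* r = a * b for a single limb b. Returns 0, or -1 if r cannot hold the
 * result. The accumulator lives on the stack and holds partial products of
 * the secret, so it is scrubbed before the frame is released by returning. */
int bn_mul_limb(bn_t *r, const bn_t *a, limb_t b)
{
    uint64_t acc = 0;
    size_t i;
    if (r->alloc < a->used + 1) return -1;
    for (i = 0; i < a->used; i++) {
        acc += (uint64_t)a->dp[i] * b;
        r->dp[i] = (limb_t)acc;
        acc >>= 32;
    }
    r->dp[i] = (limb_t)acc;
    r->used = (r->dp[i] != 0) ? a->used + 1 : a->used;
    secure_zero(&acc, sizeof acc);
    return 0;
}

/* Check helper: 1 if every allocated limb is zero. */
int bn_is_all_zero(const bn_t *a)
{
    size_t i;
    for (i = 0; i < a->alloc; i++)
        if (a->dp[i]) return 0;
    return 1;
}
```

Where the platform provides one, `explicit_bzero()` (BSD, glibc) or C11's `memset_s()` can replace the volatile loop in `secure_zero()`; the loop is the portable fallback. Scrubbing `acc` covers only what C can see: values the compiler spilled to other stack slots or left in callee-saved registers are outside the language's control, which is one reason a library that takes this seriously also keeps its temporaries in its own managed buffers rather than in locals.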


