On Fri, 27 Jun 2003 14:02:30 +1200, Peter Gutmann said: > the GMP source code to know what it does (GMP is a special case, being a > general bignum library but with an implicit acknowledgement that it's going to > end up used for crypto as well, although there are some missing primitives
Does the proprietary SSH still use GMP? I know no other major crypto apps using GMP for big number math. A problem with GMP is that it heavily uses alloca() and thus it is not that hard to find traces of secrets in the core. Shalom-Salam, Werner -- Werner Koch <[EMAIL PROTECTED]> The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
