Werner Koch <[EMAIL PROTECTED]> writes:

>Does the proprietary SSH still use GMP? I know no other major crypto apps
>using GMP for big number math.

I've seen it used in a couple of lesser-known apps that I played with for interop testing, nothing that counts as a major app though. Maybe it's being used by people who prefer the LGPL to the more widely-used OpenSSL bignum lib's BSD license (or perhaps it's the fact that GMP has documentation :-).

>A problem with GMP is that it heavily uses alloca() and thus it is not that
>hard to find traces of secrets in the core.

Ouch! This is a pity, because GMP seems to have the most active development in terms of both algorithm optimisation and machine-specific optimisations - if you want to find a version that runs well on $obscure_embedded_platform, it's pretty much GMP or nothing.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
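An added example, not part of the original message or of GMP: wiping allocator hooks written to the signatures GMP's `mp_set_memory_functions` accepts, so bignum limbs are zeroed before their memory is released. Assumptions: the names `secure_wipe`, `wiping_alloc`, `wiping_realloc`, `wiping_free` and `wiped_total` are hypothetical, and these hooks see only heap blocks, so the `alloca()` temporaries discussed above pass through them only when GMP is built with its `--enable-alloca=malloc-reentrant` configure option (not mentioned in the thread).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Running count of wiped bytes, kept only so the behaviour can be checked. */
static size_t wiped_total = 0;

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    for (size_t i = 0; i < n; i++)
        v[i] = 0;
    wiped_total += n;
}

/* Allocation hook: GMP expects it never to return NULL. */
static void *wiping_alloc(size_t n)
{
    void *p = malloc(n ? n : 1);
    if (p == NULL)
        abort();
    return p;
}

/* Reallocation hook: copy by hand instead of calling realloc(), which may
 * move the block and leave the old copy of the secret behind unwiped. */
static void *wiping_realloc(void *old, size_t old_n, size_t new_n)
{
    void *p = wiping_alloc(new_n);
    memcpy(p, old, old_n < new_n ? old_n : new_n);
    secure_wipe(old, old_n);
    free(old);
    return p;
}

/* Free hook: GMP passes the block size, which is what makes wiping possible. */
static void wiping_free(void *p, size_t n)
{
    secure_wipe(p, n);
    free(p);
}

int main(void)
{
    /* With GMP linked, register once before creating any mpz_t:
     *   mp_set_memory_functions(wiping_alloc, wiping_realloc, wiping_free); */
    unsigned char *k = wiping_alloc(32);   /* constructed stand-in for key limbs */
    memset(k, 0xA5, 32);
    k = wiping_realloc(k, 32, 64);
    wiping_free(k, 64);
    printf("bytes wiped: %zu\n", wiped_total);
    return 0;
}
```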