Now that I've looked through the code for LTC SHA-512, I'm pretty
sure that I can examine LTC SHA-256 in a day or two. Is there an
imminent deadline I should know about?
As for the 256-bit curve: yes, it will trigger unaudited code paths,
but that's because I haven't yet audited every function used by the
ECC package. ECC uses a lot of math, for example, and I haven't yet
looked at each mathematical function yet. However, I can say that the
256-bit curve defined in LTC matches the NIST recommendation, and
that the unaudited code paths triggered by that curve will be in the
underlying math functions, not LTC itself.
--
Jonathan Herzog
Cryptographic consulting
[EMAIL PROTECTED]
www.jonathanherzog.com
On Jul 10, 2007, at 1:14 PM, Ivan Krstić wrote:
Jon, do you think you would be able to audit the LTC SHA-256 code
reasonably quickly, and do you have qualms about the NIST 256-bit
ECC curve triggering unaudited code paths? I'm not familiar with
that code.
--
Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org
_______________________________________________
Devel mailing list
[email protected]
http://lists.laptop.org/listinfo/devel
