Draft Edition of LibTomMath book
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Jun 27 23:54:51 EDT 2003
Werner Koch <wk at gnupg.org> writes:

>Does the proprietary SSH still use GMP? I know no other major crypto apps
>using GMP for big number math.

I've seen it used in a couple of lesser-known apps that I played with for
interop testing, nothing that counts as a major app though. Maybe it's being
used by people who prefer the LGPL to the more widely-used OpenSSL bignum
lib's BSD license (or perhaps it's the fact that GMP has documentation :-).

>A problem with GMP is that it heavily uses alloca() and thus it is not that
>hard to find traces of secrets in the core.

Ouch! This is a pity, because GMP seems to have the most active development
in terms of both algorithm optimisation and machine-specific optimisations -
if you want to find a version that runs well on $obscure_embedded_platform,
it's pretty much GMP or nothing.

Peter.
---------------------------------------------------------------------
The Cryptography Mailing List