The Pure Crypto Project's Hash Function
Steven M. Bellovin
smb at research.att.com
Mon May 5 21:27:57 EDT 2003
In message <v03110709badc9f8bde2c@[192.168.1.5]>, Bill Frantz writes:
>At 1:21 PM -0700 5/3/03, Eric Rescorla wrote:
>>Can you explain every single line of the modular exponentiation
>>routine you're using? Every single line of the compiler you're
>>using to compile the code?
>
>The need to show that the object code is a correct implementation of the
>algorithm described by the source code is a general problem for validating
>any kind of code. My approach, and why I have some sympathy for Ralf's
>minimum code approach, is:
>
>(1) Code the algorithm in assembler.
>
>(2) Explain each instruction as a comment on the instruction.
>
>(3) Run the code through the assembler.
>
>(4) Show that the output of the assembler matches the input, thereby
>avoiding the need to prove the assembler.
>
>YMMV!
>
Except, of course, that coding in assembler is quite demonstrably more
bug-prone. And I'm not even talking about productivity (also lower) --
bugs are a major source of security holes.

As for matching the output of the compiler -- well, it's not often that
I get to cite my dissertation, but that's what I worked on >20 years
ago. See http://www.research.att.com/~smb/dissabstract.html for the
abstract.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
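
Step (4) of the quoted procedure, as an added example that is not part of the original thread: a Python check that the bytes an assembler emitted match, instruction by instruction, the hand-derived encodings in a commented listing. The listing format, the x86-32 sample routine and the function names are assumptions made for illustration.

```python
# Constructed sample: a commented listing in which each instruction carries the
# encoding worked out by hand from the CPU manual (x86-32), then its explanation.
LISTING = """\
31 C0    ; xor eax, eax  -- clear the accumulator
01 D8    ; add eax, ebx  -- eax += ebx
01 C8    ; add eax, ecx  -- eax += ecx
C3       ; ret           -- return the sum in eax
"""

# Constructed sample: the object code as the assembler emitted it.
ASSEMBLED = bytes.fromhex("31c001d801c8c3")


def parse_listing(text):
    """Return [(line_no, expected_bytes, explanation)] for each instruction."""
    entries = []
    for no, line in enumerate(text.splitlines(), 1):
        hex_part, sep, comment = line.partition(";")
        hex_part = hex_part.strip()
        if not hex_part:
            continue  # blank or comment-only line
        if not sep or not comment.strip():
            # Step (2): every instruction must be explained.
            raise ValueError(f"line {no}: instruction has no explanation")
        entries.append((no, bytes.fromhex(hex_part), comment.strip()))
    return entries


def check_object(listing, obj):
    """Compare object code with the listing; return a list of discrepancies.

    Each discrepancy is (line_no, offset, expected_hex, actual_hex, note).
    """
    problems, offset = [], 0
    for no, expected, note in parse_listing(listing):
        actual = obj[offset:offset + len(expected)]
        if actual != expected:
            problems.append((no, offset, expected.hex(), actual.hex(), note))
        offset += len(expected)
    if offset < len(obj):
        # Bytes the listing never accounted for are a finding in themselves.
        problems.append((None, offset, "", obj[offset:].hex(),
                         "bytes not covered by the listing"))
    return problems


if __name__ == "__main__":
    for problem in check_object(LISTING, ASSEMBLED) or ["object code matches listing"]:
        print(problem)
```

The check covers only the emitted instruction bytes; whether the hand-derived encodings and the explanations are themselves right is still a matter for the human reviewer.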