[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: symbol catenation and montgomery

From: Torbjorn Granlund
Subject: Re: symbol catenation and montgomery
Date: 29 Sep 2000 13:04:17 +0200
User-agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.6

Werner Koch <address@hidden> writes:

  There is a reason not to use GMP:  It is a complex software and
  GnuPG is already too large - every line of extra code is a security
  risk and by stripping down the math lib to the actually needed size
  we can make the GnuPg somewhat more secure. (Well, I know there are
  all the ugly options, but they are very straighforward implemented
  and should only have a low risk of unwanted sideeffects).
That's a good point.

We actually have a known buffer overrun in GMP 3.1 (shiver!).  It is
in the mpf function layer, which few serious cryptographers use.  But
a buffer overrun is always a buffer overrun.  :-)

We are now pushing GMP 3.1.1 out the door, which has only unknown
buffer overruns.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]