doc: vulnerabilities concerning cryptographic applications - libzahl - big integer library
git clone git://git.suckless.org/libzahl
       ---
commit 7132e2b0f31ca0520465baf3caa75650c5b1bf2f
parent aeef38031dd83d5935cdd9263856485b31e1588f
Author: Mattias Andrée <maandree@kth.se>
       Date:   Sun, 19 Jun 2016 01:54:49 +0200
       
       doc: vulnerabilities concerning cryptographic applications
       
       Signed-off-by: Mattias Andrée <maandree@kth.se>
       
       Diffstat:
         M doc/what-is-libzahl.tex             |      19 +++++++++++++++----
         M man/libzahl.7                       |       8 +++++++-
       
       2 files changed, 22 insertions(+), 5 deletions(-)
       ---
 (DIR) diff --git a/doc/what-is-libzahl.tex b/doc/what-is-libzahl.tex
       @@ -174,10 +174,21 @@ division: {\tt mpz\_tdiv\_q}, {\tt mpz\_tdiv\_r} and
        \label{sec:Limitations}
        
        libzahl is not recommended for cryptographic
       -applications, it is not mature enough, and its author
       -does not have the necessary expertise. And in
       -particular, it does not implement constant time
       -operations. Additionally, libzahl is not thread-safe.
       +applications, it is not mature enough, and its
       +author does not have the necessary expertise.
       +And in particular, it does not implement constant
       +time operations, and it does not clear pooled
       +memory. Using libzahl in cryptographic application
       +is insecure; your application may become susceptible
       +attacks such as timing attacks, power-monitoring
       +attacks, electromagnetic attacks, acoustic
       +cryptanalysis, and data remanence attacks. libzahl
       +is known to be susceptible to timing attacks
       +(due to lack of constant time operations) and
       +data remanence attacks (due to pooling memory
       +for reuse without clearing the content of the
       +memory allocations.) Additionally, libzahl is not
       +thread-safe.
        
        libzahl is also only designed for POSIX systems.
        It will probably run just fine on any modern
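Review bot: the new sentence starting at `+memory. Using libzahl in cryptographic application` is missing a word and a plural: "susceptible attacks such as timing attacks" needs "susceptible to attacks such as", and "cryptographic application" should read "cryptographic applications". Two smaller points in the same hunk: the closing parenthesis on `+memory allocations.) Additionally, libzahl is not` swallows the sentence's full stop, so it should be "memory allocations). Additionally", and "constant time operations" (two occurrences) reads better hyphenated as "constant-time operations" since it is used as a compound adjective. The substance is a good improvement: naming the two concrete weaknesses (no constant-time operations, pooled allocations reused without clearing) tells a reader what to look for rather than just that the library is unsuitable.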
 (DIR) diff --git a/man/libzahl.7 b/man/libzahl.7
       @@ -53,6 +53,12 @@ You are strongly discouraged from using
        .B libzahl
        for cryptographic applications. Instead, use a library
        specifically targeting cryptography, otherwise, your
       -program may be subject to side-channel attacks.
       +program may be subject to side-channel attacks such as
       +timing attacks, power-monitoring attacks, electromagnetic
       +attacks, acoustic cryptanalysis, and data remanence
       +attacks.
       +.B libzahl
       +is known to be susceptible to timing attacks and data
       +remanence attacks.
        .SH SEE ALSO
        .BR zsetup (3)
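Review bot: the man page now states that libzahl "is known to be susceptible to timing attacks and data remanence attacks" but, unlike the corresponding change in doc/what-is-libzahl.tex, does not say why; suggest carrying the causes over so the two documents agree, e.g. "timing attacks (no constant-time operations) and data remanence attacks (pooled memory is reused without being cleared)". Also, data remanence does not fit naturally under "side-channel attacks" in `+program may be subject to side-channel attacks such as`; "side-channel and memory-disclosure attacks" would be a more accurate heading for the list that follows. The pre-existing comma splice in the unchanged context line "cryptography, otherwise, your" could be fixed while this paragraph is being touched ("cryptography; otherwise, your").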