From 7132e2b0f31ca0520465baf3caa75650c5b1bf2f Mon Sep 17 00:00:00 2001 From: Mattias Andrée Date: Sun, 19 Jun 2016 01:54:49 +0200 Subject: doc: vulnerabilities concerning cryptographic applications MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mattias Andrée --- doc/what-is-libzahl.tex | 19 +++++++++++++++---- man/libzahl.7 | 8 +++++++- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/doc/what-is-libzahl.tex b/doc/what-is-libzahl.tex index 2a020df..e09d0bd 100644 --- a/doc/what-is-libzahl.tex +++ b/doc/what-is-libzahl.tex @@ -174,10 +174,21 @@ division: {\tt mpz\_tdiv\_q}, {\tt mpz\_tdiv\_r} and \label{sec:Limitations} libzahl is not recommended for cryptographic -applications, it is not mature enough, and its author -does not have the necessary expertise. And in -particular, it does not implement constant time -operations. Additionally, libzahl is not thread-safe. +applications, it is not mature enough, and its +author does not have the necessary expertise. +And in particular, it does not implement constant +time operations, and it does not clear pooled +memory. Using libzahl in cryptographic application +is insecure; your application may become susceptible +attacks such as timing attacks, power-monitoring +attacks, electromagnetic attacks, acoustic +cryptanalysis, and data remanence attacks. libzahl +is known to be susceptible to timing attacks +(due to lack of constant time operations) and +data remanence attacks (due to pooling memory +for reuse without clearing the content of the +memory allocations.) Additionally, libzahl is not +thread-safe. libzahl is also only designed for POSIX systems. It will probably run just fine on any modern diff --git a/man/libzahl.7 b/man/libzahl.7 index 66208b9..c57800d 100644 --- a/man/libzahl.7 +++ b/man/libzahl.7 @@ -53,6 +53,12 @@ You are strongly discouraged from using .B libzahl for cryptographic applications. Instead, use a library specifically targeting cryptography, otherwise, your -program may be subject to side-channel attacks. +program may be subject to side-channel attacks such as +timing attacks, power-monitoring attacks, electromagnetic +attacks, acoustic cryptanalysis, and data remanence +attacks. +.B libzahl +is known to be susceptible to timing attacks and data +remanence attacks. .SH SEE ALSO .BR zsetup (3) -- cgit v1.2.3-70-g09d2