From 7132e2b0f31ca0520465baf3caa75650c5b1bf2f Mon Sep 17 00:00:00 2001 From: Mattias Andrée Date: Sun, 19 Jun 2016 01:54:49 +0200 Subject: doc: vulnerabilities concerning cryptographic applications MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mattias Andrée --- doc/what-is-libzahl.tex | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) (limited to 'doc') diff --git a/doc/what-is-libzahl.tex b/doc/what-is-libzahl.tex index 2a020df..e09d0bd 100644 --- a/doc/what-is-libzahl.tex +++ b/doc/what-is-libzahl.tex @@ -174,10 +174,21 @@ division: {\tt mpz\_tdiv\_q}, {\tt mpz\_tdiv\_r} and \label{sec:Limitations} libzahl is not recommended for cryptographic -applications, it is not mature enough, and its author -does not have the necessary expertise. And in -particular, it does not implement constant time -operations. Additionally, libzahl is not thread-safe. +applications, it is not mature enough, and its +author does not have the necessary expertise. +And in particular, it does not implement constant +time operations, and it does not clear pooled +memory. Using libzahl in cryptographic application +is insecure; your application may become susceptible +attacks such as timing attacks, power-monitoring +attacks, electromagnetic attacks, acoustic +cryptanalysis, and data remanence attacks. libzahl +is known to be susceptible to timing attacks +(due to lack of constant time operations) and +data remanence attacks (due to pooling memory +for reuse without clearing the content of the +memory allocations.) Additionally, libzahl is not +thread-safe. libzahl is also only designed for POSIX systems. It will probably run just fine on any modern -- cgit v1.2.3-70-g09d2