[cap-talk] automatically detect bugs in your bignum package by wooping
zooko
zooko at zooko.com
Mon Dec 17 17:30:43 EST 2007
On Dec 17, 2007, at 2:05 PM, Jonathan S. Shapiro wrote:
>
> Nah. I'd agree that all *correct* "integer arithmetic" is modular
> because of memory limitations, but I have yet to see a BigNum
> implementation in the wild that actually checks for this error. :-)

I just read (most of) "Practical Cryptography" by Ferguson & Schneier
(see my glowing review on the tahoe-dev list [1]), and they describe
a cool little hack to automatically detect bugs in your bignum
package which goes under the cool little name of "wooping". It is
described first in Bos Jurjen's thesis [2, chapter 6], and also in
"Practical Cryptography", which I recommend.

Regards,
Zooko

[1] http://allmydata.org/pipermail/tahoe-dev/2007-December/000271.html
[2] http://citeseer.ist.psu.edu/336144.html
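
Added example, not part of the original message or of the cited works: a sketch of the wooping check named above, in which each operand's residue mod a prime t (its "woop") is combined separately and compared with the bignum result reduced mod t. The limb routines, the fixed prime `T` and the injected carry bug are assumptions constructed for illustration.

```python
BASE = 1 << 32          # limb size of the toy bignum package (assumption)
T = (1 << 61) - 1       # constructed stand-in prime, fixed so the run is repeatable

def to_limbs(n):
    """Little-endian base-2**32 limbs of a non-negative int."""
    limbs = []
    while n:
        limbs.append(n % BASE)
        n //= BASE
    return limbs or [0]

def from_limbs(limbs):
    return sum(limb << (32 * i) for i, limb in enumerate(limbs))

def limbs_mod(limbs, t):
    """Reduce a limb list mod t by Horner's rule, never calling limb_mul."""
    r = 0
    for limb in reversed(limbs):
        r = (r * BASE + limb) % t
    return r

def limb_mul(a, b, buggy=False):
    """Schoolbook multiply. buggy=True zeroes a carry equal to BASE-1,
    a constructed stand-in for a rare carry-handling bug."""
    out = [0] * (len(a) + len(b))
    for i, x in enumerate(a):
        carry = 0
        for j, y in enumerate(b):
            cur = out[i + j] + x * y + carry
            out[i + j], carry = cur % BASE, cur // BASE
            if buggy and carry == BASE - 1:
                carry = 0
        out[i + len(b)] += carry
    return out

def checked_mul(x, y, t=T, buggy=False):
    """Multiply with the limb code and verify the result against its woop."""
    a, b = to_limbs(x), to_limbs(y)
    woop = (limbs_mod(a, t) * limbs_mod(b, t)) % t   # what the product must be mod t
    prod = limb_mul(a, b, buggy)
    if limbs_mod(prod, t) != woop:
        raise ArithmeticError("woop mismatch: bignum multiply returned a wrong result")
    return from_limbs(prod)

if __name__ == "__main__":
    x = BASE**2 - 1                      # constructed input that hits the rare carry
    assert checked_mul(x, x) == x * x
    try:
        checked_mul(x, x, buggy=True)
    except ArithmeticError as e:
        print("detected:", e)
```

A wrong result slips past the check only when t divides the error, which is why a fixed, publicly known modulus like the one here is suitable for a demonstration only.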