We have also removed another very old mpz function mpz_array_init due to it being inherently unsafe, and not really used anyway

Jason

On Sunday 17 April 2011 15:08:01 Bill Hart wrote:
> Yes, this was a joint and considered decision at the time and I'm
> prepared to live with my vote on that one. :-)
>
> Bill.
>
> On 17 April 2011 14:58, Cactus <rieman...@gmail.com> wrote:
> > On Apr 17, 1:28 pm, "Sisyphus" <sisyph...@optusnet.com.au> wrote:
> >> ----- Original Message -----
> >> From: "jason"
> >>
> >> > On Apr 12, 3:09 am, "Sisyphus"
> >> >
> >> >> Also, I find in gmp.h:
> >> >>
> >> >> #define __GNU_MP_VERSION 5
> >> >> #define __GNU_MP_VERSION_MINOR 0
> >> >> #define __GNU_MP_VERSION_PATCHLEVEL 1
> >> >> #define GMP_VERSION "5.0.1"
> >> >>
> >> >> Not sure that we really want that when mpz_powm_sec (available only
> >> >> with gmp-5) is missing from the mpir implementation.
> >> >
> >> > Yep, we made a decision not to do an mpz_powm_sec as we didn't think
> >> > that a general bignum library was the right place for a "secure" powm,
> >> > although barring that, we should put some note on the website
> >>
> >> Hmmm ... my feeling is that the significance of mpz_powm() would also be
> >> drastically reduced if not for its importance in matters related to
> >> security ... so there's probably an argument for not supporting it,
> >> too. (But I'll leave that to those far more skilled in sophistry than I
> >> :-)
> >
> > There are lots of uses of mpz_powm that don't involve security and,
> > since we don't imply that it has any security properties, anyone who
> > does use it for security is on their own in this respect.
> >
> > And I really don't see a good reason for denying its use by all
> > potential users simply because some people might use it
> > inappropriately.
> >
> >> I think that if forking gmp is the aim, then the user probably expects
> >> that it has been forked "warts and all" ... and therein could be some
> >> sort of argument that making those sorts of selective decisions is
> >> outside of your jurisdiction.
> >
> > I don't see how this could be outside the jurisdiction of those who
> > forked the MPIR version of GMP.
> >
> > Surely any group of people are free to fork GMP and then decide
> > (within the confines of licensing) the extent to which they wish to
> > maintain compatibility with the original version?
> >
> >> Please take that point of view with a grain of salt. Obviously, if gmp
> >> were to start doing really ridiculous things, I don't think that any
> >> user would expect mpir to follow suit ... but then, I don't think gmp
> >> is about to embark upon a path of doing "really ridiculous things".
> >>
> >> And although gmp is a "general bignum library", bear in mind that it's
> >> also often used for doing things associated with security. If I'm not
> >> mistaken, openssl now (optionally) uses it. So it's not unreasonable,
> >> imo, that it should lend itself to operations that target security.
> >
> > Clearly, by incorporating security specific functions, GMP could be
> > implying that it is suitable for use as a component in building secure
> > applications.
> >
> > The willingness to allow such an implication, and the willingness of
> > others to take this on trust, are not things over which those of us
> > involved in MPIR have any control.
> >
> > But I would consider it a misuse of MPIR if it was used as a component
> > in a deployed security application.
> >
> > And I would disassociate myself from any MPIR version that included
> > functions whose name implied that MPIR was suitable for such uses.
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "mpir-devel" group. To post to this group, send email to
> > mpir-devel@googlegroups.com. To unsubscribe from this group, send email
> > to mpir-devel+unsubscr...@googlegroups.com. For more options, visit this
> > group at http://groups.google.com/group/mpir-devel?hl=en.