Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <8007904f-d86d-783f-35c9-b53aeb025e32@comcast.net>
Date: Wed, 22 Nov 2017 12:10:02 -0500
From: Chad Dougherty <dougherty477@...cast.net>
To: oss-security@...ts.openwall.com
Subject: Re: Go programming language invalid modular
 exponentiation result (Exp() in math/big pkg)

On 2017-11-22 11:34, Michal Zalewski wrote:
>> Is this fuzzer freely available?  I'd love to try it out on the bignum
>> support I added to the CHICKEN Scheme implementation for its upcoming
>> new major release (probably somewhere mid-2018).  Being able to release
>> it with a bit higher confidence in its correctness would be nice, as this
>> is almost all brand new code.
> 
> Not the same tool, but Hanno released a bignum fuzzer that found quite
> a few issues back in the day:
> 
> https://github.com/hannob/bignum-fuzz/
> 

One more reference that might help you, perhaps indirectly, is 
Ralf-Philipp Weinmann's talk from BlackHat USA 2015, "Assessing and 
Exploiting BigNum Vulnerabilities":

<https://comsecuris.com/slides/slides-bignum-bhus2015.pdf>

-- 
     -Chad

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.