Devs working to stop Go math error bugging crypto software

Consider this an item for the watch-list, rather than a reason to hit the panic button: a math error in the Go language could potentially affect cryptographic libraries. Security researcher Guido Vranken (who earlier this year fuzzed up some bugs in OpenVPN) found an exponentiation error in the Go math/big package. Big …

  1. Anonymous Coward

    Well, ain't that precious!

    You say stop and I say go go go, oh no.....!

  2. John Smith 19 Gold badge
    Unhappy

    So who uses Go for their crypto?

    Google, who developed it?

    1. Christian Berger

      Re: So who uses Go for their crypto?

      Well apparently Go can check for array bounds which, given the many security problems we had with this, is a good idea to do on code that handles crypto.

    2. This post has been deleted by its author

  3. MiguelC Silver badge

    Funny that "off-by-1 result" assertion

    I really had to GO and check the math.

    If you change the divisor value in the linked example from "66666670001111111111" to "66666670001111111101" you get an off-by-3 result.

    And some other changes resulted in other differences.

  4. Eclectic Man Silver badge

    Pedant alert

    A pedantic point, I know, but large primes are only used for public key cryptography, or asymmetric cryptography. Most symmetric cryptography uses Feistel Ciphers, which use bitwise operations, as they are less processor intensive. The asymmetric cryptography is generally used for transporting or agreeing the symmetric algorithm's keys, or signing data.

    1. EnviableOne

      Re: Pedant alert

      Yeah, but if the symmetric keys aren't communicated securely, the symmetric crypto is useless
