Cryptography and D

deadalnix via Digitalmars-d digitalmars-d at puremagic.com
Sat Jul 5 18:54:13 PDT 2014


On Sunday, 6 July 2014 at 00:18:19 UTC, Walter Bright wrote:
> On 7/5/2014 12:33 PM, deadalnix wrote:
>> I used to think that. A few years ago, I looked into OpenSSL, 
>> noticed several
>> horrors. Several of them mentioned here:
>>
>> https://www.youtube.com/watch?v=GnBbhXBDmwU
>>
>> I had the same reasoning: crytpo is hard and these guys know 
>> much more than I do.
>>
>> They don't. The simple fact they are are using C to build 
>> security related basic
>> block show that they have no idea what they are doing. No 
>> bound check, no memory
>> safety, integer overflow is undefined behavior (which mean 
>> that even if you
>> remember to check for it, you are not checking for it).
>
> Sure, but nobody is going to blame us for it :-) whereas they 
> will for an official D implementation.

I understand. That is reasonable position. The CS guy in me is 
crying, but we got to pick our battle.


More information about the Digitalmars-d mailing list