Cryptography and D
deadalnix via Digitalmars-d
digitalmars-d at puremagic.com
Sat Jul 5 18:54:13 PDT 2014
On Sunday, 6 July 2014 at 00:18:19 UTC, Walter Bright wrote:
> On 7/5/2014 12:33 PM, deadalnix wrote:
>> I used to think that. A few years ago, I looked into OpenSSL,
>> noticed several
>> horrors. Several of them mentioned here:
>>
>> https://www.youtube.com/watch?v=GnBbhXBDmwU
>>
>> I had the same reasoning: crytpo is hard and these guys know
>> much more than I do.
>>
>> They don't. The simple fact they are are using C to build
>> security related basic
>> block show that they have no idea what they are doing. No
>> bound check, no memory
>> safety, integer overflow is undefined behavior (which mean
>> that even if you
>> remember to check for it, you are not checking for it).
>
> Sure, but nobody is going to blame us for it :-) whereas they
> will for an official D implementation.
I understand. That is reasonable position. The CS guy in me is
crying, but we got to pick our battle.
More information about the Digitalmars-d
mailing list