Cryptography and D
Walter Bright via Digitalmars-d
digitalmars-d at puremagic.com
Sat Jul 5 19:27:50 PDT 2014
On 7/5/2014 6:54 PM, deadalnix wrote:
> On Sunday, 6 July 2014 at 00:18:19 UTC, Walter Bright wrote:
>> On 7/5/2014 12:33 PM, deadalnix wrote:
>>> I used to think that. A few years ago, I looked into OpenSSL, noticed several
>>> horrors. Several of them mentioned here:
>>>
>>> https://www.youtube.com/watch?v=GnBbhXBDmwU
>>>
>>> I had the same reasoning: crytpo is hard and these guys know much more than I
>>> do.
>>>
>>> They don't. The simple fact they are are using C to build security related basic
>>> block show that they have no idea what they are doing. No bound check, no memory
>>> safety, integer overflow is undefined behavior (which mean that even if you
>>> remember to check for it, you are not checking for it).
>>
>> Sure, but nobody is going to blame us for it :-) whereas they will for an
>> official D implementation.
>
> I understand. That is reasonable position. The CS guy in me is crying, but we
> got to pick our battle.
Yeah I know, I'd like to roll our own, too!
More information about the Digitalmars-d
mailing list