Note from a donor

Jonathan M Davis newsgroup.d at jmdavisprog.com
Wed Oct 25 14:17:21 UTC 2017


On Wednesday, October 25, 2017 13:22:46 Kagamin via Digitalmars-d wrote:
> On Tuesday, 24 October 2017 at 16:37:10 UTC, H. S. Teoh wrote:
> > (Having said all that, though, D is probably a far better
> > language for implementing crypto algorithms -- built-in bounds
> > checking would have prevented some of the worst security holes
> > that have come to light recently, like Heartbleed and
> > Cloudbleed.
>
> Those were buffer overflows in parsers, not in cryptographic
> algorithms.

The point still stands though that you have to be _very_ careful when
implementing anything security related, and it's shockingly easy to do
something that actually leaks information even if it's not outright buggy
(e.g. the timing of the code indicates something about success or failure to
an observer), and someone who isn't an expert in the area is bound to screw
something up - and since this is a security issue, it matters that much more
than it would with other code.

- Jonathan M Davis
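
The timing leak mentioned in the message above, as an added example that is not part of the original post: two byte comparisons that both return the right answer, where only the first one's amount of work depends on how much of the guess is correct. The function names, the `steps` counter (a deterministic stand-in for measured running time) and the sample bytes are assumptions constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Loop iterations of the last comparison: a deterministic stand-in for the
   running time an observer could measure (constructed for this example). */
static size_t steps;

/* Constructed sample data: a secret tag and two wrong guesses. */
static const unsigned char TAG[8]         = {0xde,0xad,0xbe,0xef,0x01,0x02,0x03,0x04};
static const unsigned char WRONG_FIRST[8] = {0x00,0xad,0xbe,0xef,0x01,0x02,0x03,0x04};
static const unsigned char WRONG_SIXTH[8] = {0xde,0xad,0xbe,0xef,0x01,0x00,0x03,0x04};

/* Correct result, but returns at the first mismatching byte, so the work
   done grows with the number of leading bytes the guess got right. */
int leaky_equal(const unsigned char *a, const unsigned char *b, size_t n) {
    steps = 0;
    for (size_t i = 0; i < n; i++) {
        steps++;
        if (a[i] != b[i]) return 0;
    }
    return 1;
}

/* Visits all n bytes and ORs the differences together, so the work done
   is the same for a right guess, a nearly right guess and a wrong one. */
int constant_time_equal(const unsigned char *a, const unsigned char *b, size_t n) {
    unsigned char diff = 0;
    steps = 0;
    for (size_t i = 0; i < n; i++) {
        steps++;
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

typedef int (*cmp_fn)(const unsigned char *, const unsigned char *, size_t);

/* Run one comparison and report how many loop iterations it executed. */
size_t steps_for(cmp_fn cmp, const unsigned char *a, const unsigned char *b, size_t n) {
    (void)cmp(a, b, n);
    return steps;
}

int main(void) {
    printf("leaky:    %zu vs %zu steps\n", steps_for(leaky_equal, TAG, WRONG_FIRST, 8),
           steps_for(leaky_equal, TAG, WRONG_SIXTH, 8));
    printf("constant: %zu vs %zu steps\n", steps_for(constant_time_equal, TAG, WRONG_FIRST, 8),
           steps_for(constant_time_equal, TAG, WRONG_SIXTH, 8));
    return 0;
}
```

An optimizing compiler is free to reintroduce an early exit into a loop like `constant_time_equal`, so production code normally calls a vetted primitive such as OpenSSL's `CRYPTO_memcmp` instead of a hand-written loop.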


