Steve Furlong wrote:
This just emphasizes what we already knew about C, even the most
careful, security conscious developer messes up memory management.
However I think it is not really efficient at this stage to insist on secure
programming for submission implementations. For the simple reason that
there are 42 submissions, and 41 of those will be thrown away, more or less.
There isn't much point in making the 41 secure; better off to save the
energy until "the one" is found. Then concentrate the energy, no?
Or stop using languages which encourage little oopsies like that. At
the least, make it a standard practice to mock those who use C but
don't use memory-safe libraries and diagnostic tools.
As long as you mean use an alternate language for the competition.
Realistically there has to be C (or in many cases even asm)
implementations of these algorithms if they are actually going to be
adopted in real operating systems and real applications.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
