On Saturday, 5 July 2014 at 19:33:31 UTC, deadalnix wrote:
I used to think that. A few years ago, I looked into OpenSSL, noticed several horrors. Several of them mentioned here:

https://www.youtube.com/watch?v=GnBbhXBDmwU

I had the same reasoning: crypto is hard and these guys know much more than I do.

They don't. The simple fact that they are using C to build security-related basic blocks shows that they have no idea what they are doing. No bounds check, no memory safety, integer overflow is undefined behavior (which means that even if you remember to check for it, you are not checking for it).

If you don't trust OpenSSL, nobody said you have to use it. There are plenty of alternatives available. The fact still remains, implementing your own crypto is a very bad idea.

Why implement a crypto lib in C?

(1) Maximum exposure - If a programming language has more than 100 users, chances are, there's an OpenSSL binding available for that language. C is an ideal language to make something available for as many platforms and environments as possible.

(2) Determinism - If your intention is to implement crypto that is impervious to side-channel attacks, you need a language that's "close to the metal" and will behave how you expect it to. For example, Java would be a poor choice because things like garbage collection and JITing make code highly non-deterministic.
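The two points the thread circles around, C's lack of bounds and overflow checks on one side and its predictability for side-channel-resistant code on the other, can be shown in a few lines. The following is an added example written for this thread; it is not code from deadalnix, the replying poster, or OpenSSL. It contrasts an early-exit byte comparison with a constant-time one (the `examined` counter is an assumed instrumentation hook added only so the difference in work done is observable), and shows a length addition checked on `size_t`, where wrap-around is defined, rather than on signed integers, where overflow is undefined and a post-hoc `a + b < a` test may be optimised away. The 16-byte tag values are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Early-exit comparison: stops at the first mismatch, so the number of bytes
   read (and hence the running time) reveals how long the matching prefix was.
   Kept here only to show the pattern that leaks; `examined` is an assumed
   instrumentation out-parameter, not part of any real API. */
int early_exit_compare(const uint8_t *a, const uint8_t *b, size_t len,
                       size_t *examined)
{
    size_t i;
    for (i = 0; i < len; i++) {
        if (a[i] != b[i]) {
            if (examined) *examined = i + 1;
            return 1;
        }
    }
    if (examined) *examined = i;
    return 0;
}

/* Constant-time comparison: always walks all `len` bytes and ORs the
   differences together, so there is no data-dependent branch or early return.
   Returns 0 when equal, 1 when different. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t len, size_t *examined)
{
    uint8_t diff = 0;
    size_t i;
    for (i = 0; i < len; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    if (examined) *examined = i;
    /* Collapse any non-zero byte to exactly 1 without branching on its value:
       for diff != 0, either diff or its two's-complement has bit 7 set. */
    return (int)((diff | (uint8_t)-diff) >> 7);
}

/* Length arithmetic done on unsigned values and checked BEFORE the addition.
   Signed overflow is undefined behaviour in C, so a check written as
   `if (a + b < a)` on int operands is not guaranteed to survive optimisation.
   Returns 1 and stores the sum on success, 0 if the sum would wrap. */
int checked_add_len(size_t a, size_t b, size_t *out)
{
    if (b > SIZE_MAX - a) return 0;
    if (out) *out = a + b;
    return 1;
}

int main(void)
{
    /* Constructed sample: an expected 16-byte tag and two wrong candidates,
       one differing at byte 0 and one differing at byte 15. */
    const uint8_t expected[]  = "0123456789abcdef";
    const uint8_t wrong_first[] = "X123456789abcdef";
    const uint8_t wrong_last[]  = "0123456789abcdeX";
    const size_t tag_len = 16;
    size_t n;

    early_exit_compare(expected, wrong_first, tag_len, &n);
    printf("early-exit, mismatch at byte 0:  %zu bytes read\n", n);
    early_exit_compare(expected, wrong_last, tag_len, &n);
    printf("early-exit, mismatch at byte 15: %zu bytes read\n", n);
    ct_compare(expected, wrong_first, tag_len, &n);
    printf("constant-time, mismatch at 0:    %zu bytes read\n", n);
    ct_compare(expected, wrong_last, tag_len, &n);
    printf("constant-time, mismatch at 15:   %zu bytes read\n", n);

    size_t total;
    printf("len 1 + 2 fits: %d\n", checked_add_len(1, 2, &total));
    printf("SIZE_MAX + 1 fits: %d\n", checked_add_len(SIZE_MAX, 1, &total));
    return 0;
}
```

Note that `ct_compare` only removes the data-dependent control flow at the source level; whether the compiled code stays branch-free still has to be checked in the generated assembly, which is exactly the "close to the metal" property the reply is pointing at.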
