On 7/5/2014 12:33 PM, deadalnix wrote:
I used to think that. A few years ago, I looked into OpenSSL, noticed several
horrors. Several of them mentioned here:
https://www.youtube.com/watch?v=GnBbhXBDmwU
I had the same reasoning: crytpo is hard and these guys know much more than I
do.
They don't. The simple fact they are are using C to build security related basic
block show that they have no idea what they are doing. No bound check, no memory
safety, integer overflow is undefined behavior (which mean that even if you
remember to check for it, you are not checking for it).
Sure, but nobody is going to blame us for it :-) whereas they will for an
official D implementation.
