On Saturday, 5 July 2014 at 23:45:47 UTC, Xinok wrote:
> If you don't trust OpenSSL, nobody said you have to use it.
> There are plenty of alternatives available. The fact still
> remains, implementing your own crypto is a very bad idea.
It seems to be the consensus. In the meantime, people like Mark
Karpeles build their own implementation of SSH in PHP, and
proceed to run a multimillion dollar exchange (MtGox).
Building your own crypto is a bad idea. And you know who ignores
bad ideas? Bad programmers. As a result, they are the ones
building crypto libs. And you know what is a worse idea than
making your own crypto lib? Letting Dunning-Kruger lemmings do
it for you.
> Why implement a crypto lib in C?
> (1) Maximum exposure - If a programming language has more than
> 100 users, chances are, there's an OpenSSL binding available
> for that language. C is an ideal language to make something
> available for as many platforms and environments as possible.
This is very true. However, as each platform has its own
characteristics, you end up not being able to port that simply,
and worse, you can break security without knowing it in doing so.
I understand the social aspect of it, but from a security POV,
this is a net loss.
I'm not sure if another approach is possible. It is clear that
nobody cares about security until catastrophes happen. At least,
the recent event woke up many people on how bad the state of
affairs is, and how clueless the people handling it right now are.
> (2) Determinism - If your intention is to implement crypto that
> is impervious to side-channel attacks, you need a language
> that's "close to the metal" and will behave how you expect it
> to. For example, Java would be a poor choice because things
> like garbage collection and JITing make code highly
> non-deterministic.
D is an option here. Anything that isn't system-related obviously
isn't, as you must ensure that you clean the memory behind you.