On Sunday, 6 July 2014 at 00:18:19 UTC, Walter Bright wrote:
On 7/5/2014 12:33 PM, deadalnix wrote:
I used to think that. A few years ago, I looked into OpenSSL,
noticed several
horrors. Several of them mentioned here:
https://www.youtube.com/watch?v=GnBbhXBDmwU
I had the same reasoning: crytpo is hard and these guys know
much more than I do.
They don't. The simple fact they are are using C to build
security related basic
block show that they have no idea what they are doing. No
bound check, no memory
safety, integer overflow is undefined behavior (which mean
that even if you
remember to check for it, you are not checking for it).
Sure, but nobody is going to blame us for it :-) whereas they
will for an official D implementation.
I understand. That is reasonable position. The CS guy in me is
crying, but we got to pick our battle.
