On Wednesday, October 25, 2017 13:22:46 Kagamin via Digitalmars-d wrote: > On Tuesday, 24 October 2017 at 16:37:10 UTC, H. S. Teoh wrote: > > (Having said all that, though, D is probably a far better > > language for implementing crypto algorithms -- built-in bounds > > checking would have prevented some of the worst security holes > > that have come to light recently, like Heartbleed and > > Cloudbleed. > > Those were buffer overflows in parsers, not in cryptographic > algorithms.
The point still stands though that you have to be _very_ careful when implementing anything security related, and it's shockingly easy to do something that actually leaks information even if it's not outright buggy (e.g. the timing of the code indicates something about success or failure to an observer), and someone who isn't an expert in the area is bound to screw something up - and since this is a security issue, it matters that much more than it would with other code. - Jonathan M Davis
