On Wed, Nov 09, 2011 at 05:00:31PM -0800, Ralph Giles wrote: > On 9 November 2011 16:39, Elly Jones <[email protected]> wrote: > > > 1) Write our own crypto from scratch, in Rust. > > 2) Write bindings for OpenSSL's libcrypto. > > 3) Write bindings for something else external. > > 4) Pull something else external into rustrt, write bindings for that. > > Do (2) and then use it to validate a much smaller set of routines in (1).
The concern is not correctness. Correctness is easy to test. The concern is things like exposure to timing attacks or side-channel attacks. These things cannot be tested for exhaustively, and avoiding them is subtle and fraught with peril. > -r > _______________________________________________ > Rust-dev mailing list > [email protected] > https://mail.mozilla.org/listinfo/rust-dev -- elly
signature.asc
Description: Digital signature
_______________________________________________ Rust-dev mailing list [email protected] https://mail.mozilla.org/listinfo/rust-dev
