On Sat, Apr 26, 2014 at 3:26 AM, John Mija <[email protected]> wrote:
> In summary, Cryptol helps to implement existing known crypto algorithms > correctly, but also to design new crypto algorithms. > Cryptol isn't some kind of magic silver bullet for implementing crypto correctly. While it can help keep crypto implementations closer to their mathematical descriptions, and help formally verify them, that's only half the battle. So, please review the inclusion of crypto. library in the standard lib. As far as I'm concerned, Cryptol changes nothing when it comes to including crypto in Rust's standard library. For starters, Cryptol seems to be something of a self-contained crypto ecosystem, and it's not clear at least to me how it can be applied to verifying crypto implementations in other languages. Even if it could, crypto implementations still need to be verified by security auditors, preferably by multiple, independent auditors. Having crypto in the standard library limits agility around shipping security updates, since now you must update the entire standard library, and not just one library. -- Tony Arcieri
_______________________________________________ Rust-dev mailing list [email protected] https://mail.mozilla.org/listinfo/rust-dev
