Generally speaking, I think software with a security impact should not
be written in C.
Hooey.
The C language is not the problem. The C library is not the problem.
Both of these things were fixed during ANSI standardization, so that
standard-conforming programs will not fail runtime checks
--
Whyte, William [EMAIL PROTECTED]
$25MM figure:
http://lists.jammed.com/ISN/2003/10/0097.html
I stand corrected.
However as was pointed out previously:
: : Further, the license would be limited to only
: : prime field curves where the prime was
: : greater than 2255. On
Victor Duchovni wrote:
On Thu, Sep 15, 2005 at 08:51:02PM -0700, Bill Frantz wrote:
On 9/13/05, [EMAIL PROTECTED] (Perry E. Metzger) wrote:
Generally speaking, I think software with a security impact should not
be written in C.
I agree. I also note that Paul A. Karger and Roger R.
Do you really need to click on this link to know which one it is?
http://cbs5.com/watercooler/watercooler_story_258152613.html
I guess we should give neutral facial expressions for the photo, then
smile (or frown) while in the airport
Sounds like the technology (still) isn't ready for
On Sat, Sep 17, 2005 at 11:53:20AM +0100, Ben Laurie wrote:
My view is that C is fine, but it needs a real library and programmers
who learn C need to learn to use the real library, with the bare-metal
C-library used only by library developers to bootstrap new safe
primitives.
So wouldn't
On Sat, Sep 17, 2005 at 11:40:26AM -0400, Victor Duchovni wrote:
| On Sat, Sep 17, 2005 at 11:53:20AM +0100, Ben Laurie wrote:
|
| My view is that C is fine, but it needs a real library and programmers
| who learn C need to learn to use the real library, with the bare-metal
| C-library used
From: William Allen Simpson [EMAIL PROTECTED]
Do you really need to click on this link to know which one it is?
http://cbs5.com/watercooler/watercooler_story_258152613.html
Which one it is depends what the meaning of one is.
Announced in multiple news sources last year:
On Sat, Sep 17, 2005 at 10:52:48AM -0400, William Allen Simpson wrote:
Do you really need to click on this link to know which one it is?
U.K.? http://www.iht.com/articles/2005/09/12/news/travel13.php
All of them? US and Canadia as well?
On 9/17/05, William Allen Simpson [EMAIL PROTECTED] wrote:
Do you really need to click on this link to know which one it is?
http://cbs5.com/watercooler/watercooler_story_258152613.html
I guess we should give neutral facial expressions for the photo, then
smile (or frown) while in the
Victor Duchovni wrote:
So wouldn't the world be a better place if we could all agree on a
single such library? Or at least, a single API. Like the STL is for C++.
Yes, absolutely, but who is going to do it?
One could argue it has already been done.
There exists a widely available,
[Moderator's note: forwarded on Jerry's behalf -- he's having mail problems.]
| So wouldn't the world be a better place if we could all agree on a
| single such library? Or at least, a single API. Like the STL is for C++.
|
|
|
| Yes, absolutely, but who is going to do it?
|
| One could
Adam Shostack wrote:
On Sat, Sep 17, 2005 at 11:40:26AM -0400, Victor Duchovni wrote:
| On Sat, Sep 17, 2005 at 11:53:20AM +0100, Ben Laurie wrote:
|
| My view is that C is fine, but it needs a real library and programmers
| who learn C need to learn to use the real library, with the
On Sat, Sep 17, 2005 at 08:36:11PM +0100, Ben Laurie wrote:
| Adam Shostack wrote:
| On Sat, Sep 17, 2005 at 11:40:26AM -0400, Victor Duchovni wrote:
| | On Sat, Sep 17, 2005 at 11:53:20AM +0100, Ben Laurie wrote:
| |
| | My view is that C is fine, but it needs a real library and programmers
| |
Ben Laurie wrote:
gets is so not the problem. Using strings that _can_ overflow is the
problem. That means wrapping the entire standard library.
And, of course, the issue is that every other library in the universe
uses C-style strings (etc.), so unless we can all agree on a better
New Zealand did this earlier this year, as part of giving in to pressure
from the US to have passports with biometric information.
Here is a press release of last June from the NZ Green Party's Human
Rights spokesperson. A quote from it Most people arriving in our fair
land have smiles on
On 2005-09-17, Jerrold Leichter wrote (without retaining attributions):
So wouldn't the world be a better place if we could all agree on a
single such library? Or at least, a single API. Like the STL is for C++.
Yes, absolutely, but who is going to do it?
One could argue it has already
--
Ben Laurie [EMAIL PROTECTED]
And, of course, the issue is that every other library
in the universe uses C-style strings (etc.), so unless
we can all agree on a better paradigm, we're screwed.
We have a better paradigm: C++
Use const zero terminated strings where possible, use
STL
I'm not sure what you're trying to demonstrate here. From
the fact that NSA chose to license a few curves, we can
definitely deduce that they want to use those curves. You
deduce from the fact that they didn't license other curves
that there is no patent on those curves, but you could
equally
18 matches
Mail list logo