SHA-3 Round 1: Buffer Overflows
Darren J Moffat
Darren.Moffat at Sun.COM
Mon Feb 23 17:16:25 EST 2009
Steve Furlong wrote:
>>> This just emphasizes what we already knew about C, even the most
>>> careful, security conscious developer messes up memory management.
>
>> However I think it is not really efficient at this stage to insist on secure
>> programming for submission implementations. For the simple reason that
>> there are 42 submissions, and 41 of those will be thrown away, more or less.
>> There isn't much point in making the 41 secure; better off to save the
>> energy until "the one" is found. Then concentrate the energy, no?
>
> Or stop using languages which encourage little oopsies like that. At
> the least, make it a standard practice to mock those who use C but
> don't use memory-safe libraries and diagnostic tools.
As long as you mean use an alternate language for the competition.
Realistically there has to be C (or in many cases even asm)
implementations of these algorithms if they are actually going to be
adopted in real operating systems and real applications.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list