[Cryptography] how reliably do audits spot backdoors?
Benjamin Kreuter
brk7bx at virginia.edu
Wed Dec 25 12:35:21 EST 2013
On Wed, 25 Dec 2013 17:57:18 +1000
"James A. Donald" <jamesd at echeque.com> wrote:
> >>> So the fact that it is possible for the sum of two positive
> >>> integers to be a negative number is idiomatic?
>
> > "James A. Donald" <jamesd at echeque.com> wrote:
> >> To me that is totally intuitive and natural,
>
> On 2013-12-25 11:48, Benjamin Kreuter wrote:
> > 1. You just referred to *undefined behavior* as "intuitive."
>
> That the sum of two positive numbers is a negative number is defined
> behavior, word length being defined.
Signed integer overflow is undefined behavior in C.
> >> You get the higher level language problem that the libraries are
> >> slightly different on each machine, which results in nightmare
> >> installations.
>
> > Are you claiming that the situation is worse than it is in C?
>
> Observe, that pretty much every program written in C simply installs,
> and pretty much every program written in python simply does not.
Really? Installing C programs is generally a matter of following this
pattern:
./configure
(find missing dependency)
./configure
(find missing dependency of dependency)
make
(figure out why it didn't compile)
make
make install
./configure
(find another missing dependency)
Is that what you call "simply installing?" I call that a nightmare of
tracking down libraries and dependencies, no different from the
nightmare one would face with software written in any other language.
That is why so much effort was put into repository systems and
installer programs.
-- Ben
--
Benjamin R Kreuter
KK4FJZ
--
"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131225/090e9503/attachment.pgp>
More information about the cryptography
mailing list