[Cryptography] how reliably do audits spot backdoors?

Jonathan Thornburg jthorn at astro.indiana.edu
Sat Dec 28 18:16:30 EST 2013


On Sat, 28 Dec 2013, Jerry Leichter wrote:
> It really depends on what you're doing.  Java only *appears* to
> do it all for you; while you can't get the traditional memory leak
> (memory to which no accessible pointers exist), you can easily build
> up piles of guck that's pointed to by hash table entries you forgot
> to clean up, for example.  And the GC doesn't help you with non-memory
> resources.  [[...]]

A related point, which seems relevant in view of the recent thread on
whether all-integer-arithmetic-modulo-2^N is (paraphrasing) "logical"
or "evil":

In C, signed-integer size and overflow semantics are a "quality of
implementation" issue, i.e., a C compiler is allowed-but-not-required
to trap signed integer overflow.  E.g., gcc supports the '-ftrapv'
option which generates traps for signed overflow on addition, subtraction,
and multiplication operations.  C unsigned integers have (guaranteed)
modulo-2^N arithmetic semantics.

In Java, ONLY 32-bit signed integers are available; there are NO unsigned
integers and no 64-bit (or other-length) integers available.  Moreover,
integer overflow checking is forbidden, i.e., if you take i = 2147483647
and add one to it, the result is REQUIRED to be -2147483648.

In C++, native integers are the same as C, but the language permits one
to define (say) an integer-with-guaranteed-overflow-checking class; other
code can then rely on overflows being caught.

-- 
-- "Jonathan Thornburg [remove -animal to reply]" <jthorn at astro.indiana-zebra.edu>
   Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
   "There was of course no way of knowing whether you were being watched
    at any given moment.  How often, or on what system, the Thought Police
    plugged in on any individual wire was guesswork.  It was even conceivable
    that they watched everybody all the time."  -- George Orwell, "1984"
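
Added example, not part of the original message and not code from its author: a minimal C++ integer class with guaranteed overflow checking, of the kind the last paragraph of the message describes, next to the wrap-around that unsigned arithmetic is defined to have. The names `CheckedInt32`, `record_bytes` and `wrapping_add` are hypothetical, and the sample values are constructed.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>
#include <stdexcept>

// Hypothetical overflow-checked 32-bit signed integer (name is an assumption).
class CheckedInt32 {
    std::int32_t v_;
    // Operands are widened to 64 bits, where no pair of 32-bit values can
    // overflow; a result that does not fit back into 32 bits is rejected.
    static std::int32_t narrow(std::int64_t wide) {
        if (wide < std::numeric_limits<std::int32_t>::min() ||
            wide > std::numeric_limits<std::int32_t>::max())
            throw std::overflow_error("CheckedInt32: signed overflow");
        return static_cast<std::int32_t>(wide);
    }
public:
    CheckedInt32(std::int32_t v = 0) : v_(v) {}
    std::int32_t value() const { return v_; }
    friend CheckedInt32 operator+(CheckedInt32 a, CheckedInt32 b) {
        return narrow(std::int64_t{a.v_} + b.v_);
    }
    friend CheckedInt32 operator-(CheckedInt32 a, CheckedInt32 b) {
        return narrow(std::int64_t{a.v_} - b.v_);
    }
    friend CheckedInt32 operator*(CheckedInt32 a, CheckedInt32 b) {
        return narrow(std::int64_t{a.v_} * b.v_);
    }
};

// Size calculation count * size + header that must not silently wrap.
// Returns true and stores the result in *out, or false on overflow.
bool record_bytes(std::int32_t count, std::int32_t size,
                  std::int32_t header, std::int32_t* out) {
    try {
        *out = (CheckedInt32(count) * CheckedInt32(size) + CheckedInt32(header)).value();
        return true;
    } catch (const std::overflow_error&) {
        return false;  // *out is left untouched
    }
}

// Unsigned arithmetic, by contrast, wraps modulo 2^32 by definition.
std::uint32_t wrapping_add(std::uint32_t a, std::uint32_t b) { return a + b; }

int main() {
    std::int32_t n = 0;
    std::cout << record_bytes(1000, 16, 8, &n) << ' ' << n << '\n';
    std::cout << record_bytes(65536, 65536, 0, &n) << '\n';  // product is 2^32
    std::cout << wrapping_add(4294967295u, 1u) << '\n';
}
```

Code that takes sizes or lengths as `CheckedInt32` gets an exception instead of a wrapped value, regardless of whether the translation unit was built with an option such as `-ftrapv`.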

