[Cryptography] Heartbleed and fundamental crypto programming practices
tpb-crypto at laposte.net
tpb-crypto at laposte.net
Wed Apr 16 00:38:30 EDT 2014
> Message du 16/04/14 00:14
> De : "Bear"
> As far as I know, C (and C++) with its 'volatile' directive are
> the only language standards that give you a promise about being
> able to force something to never get swapped out and never have
> a read or write specified by the code omitted - which means a
> way to control many of the *implicit* channels you have to care
> about in security code.
>
And that's why so called safer languages, aka java, php or python seem great to program secure software because they don't allow buffer overflows, yet they are not, because you cannot control your program against other attacks, like cache snooping. Something that is doable in C.
More information about the cryptography
mailing list