[Cryptography] defaults, black boxes, APIs, and other engineering thoughts
James A. Donald
jamesd at echeque.com
Wed Jan 8 03:13:53 EST 2014
On 2014-01-07 21:52, Jerry Leichter wrote:
> We regularly sacrifice security on the alter of efficiency - see the
> C++ STL and its approach to iterators. (I wrote about this years
> ago: http://catless.ncl.ac.uk/Risks/21.85.html#subj5.4)
C++ fixed the gets and sprintf problems long ago, and for the most
part it has automated memory management.
To mitigate the iterator problem, needs "for each"
VC 2008 has a non standard, non portable, "for each" command.
The C++11 standard uses "for" to do the same thing.
for (auto x : v) {/*do something with all x in v*/}
for (auto& x : v) {/*do something to all x in v*/}
Then there is the std::for_each with its infamously user hostile
syntax. Requires the lambda calculus to be useful, which is only
available in C++11
More information about the cryptography
mailing list