[144278] in cryptography@c2.net mail archive
Re: SHA-3 Round 1: Buffer Overflows
daemon@ATHENA.MIT.EDU (Steve Furlong)
Mon Feb 23 16:25:24 2009
In-Reply-To: <49A30AAF.8090709@systemics.com>
Date: Mon, 23 Feb 2009 16:05:41 -0500
From: Steve Furlong <demonfighter@gmail.com>
To: Cryptography <cryptography@metzdowd.com>, cypherpunks@al-qaeda.net,
gold-silver-crypto@rayservers.com
>> This just emphasizes what we already knew about C, even the most
>> careful, security conscious developer messes up memory management.
> However I think it is not really efficient at this stage to insist on secure
> programming for submission implementations. For the simple reason that
> there are 42 submissions, and 41 of those will be thrown away, more or less.
> There isn't much point in making the 41 secure; better off to save the
> energy until "the one" is found. Then concentrate the energy, no?
Or stop using languages which encourage little oopsies like that. At
the least, make it a standard practice to mock those who use C but
don't use memory-safe libraries and diagnostic tools.
Regards,
SRF
--
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
