[144280] in cryptography@c2.net mail archive
Re: SHA-3 Round 1: Buffer Overflows
daemon@ATHENA.MIT.EDU (Darren J Moffat)
Tue Feb 24 13:23:18 2009
Date: Mon, 23 Feb 2009 22:16:25 +0000
From: Darren J Moffat <Darren.Moffat@Sun.COM>
In-reply-to: <7d752ae30902231305odd94eb2h2355cbe7f3d3f9e2@mail.gmail.com>
To: Steve Furlong <demonfighter@gmail.com>
Cc: Cryptography <cryptography@metzdowd.com>, cypherpunks@al-qaeda.net,
gold-silver-crypto@rayservers.com
Steve Furlong wrote:
>>> This just emphasizes what we already knew about C, even the most
>>> careful, security conscious developer messes up memory management.
>
>> However I think it is not really efficient at this stage to insist on secure
>> programming for submission implementations. For the simple reason that
>> there are 42 submissions, and 41 of those will be thrown away, more or less.
>> There isn't much point in making the 41 secure; better off to save the
>> energy until "the one" is found. Then concentrate the energy, no?
>
> Or stop using languages which encourage little oopsies like that. At
> the least, make it a standard practice to mock those who use C but
> don't use memory-safe libraries and diagnostic tools.
As long as you mean use an alternate language for the competition.
Realistically there has to be C (or in many cases even asm)
implementations of these algorithms if they are actually going to be
adopted in real operating systems and real applications.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
