SHA-3 Round 1: Buffer Overflows
Steve Furlong
demonfighter at gmail.com
Mon Feb 23 13:05:41 PST 2009
>> This just emphasizes what we already knew about C, even the most
>> careful, security conscious developer messes up memory management.
> However I think it is not really efficient at this stage to insist on secure
> programming for submission implementations. For the simple reason that
> there are 42 submissions, and 41 of those will be thrown away, more or less.
> There isn't much point in making the 41 secure; better off to save the
> energy until "the one" is found. Then concentrate the energy, no?
Or stop using languages which encourage little oopsies like that. At
the least, make it a standard practice to mock those who use C but
don't use memory-safe libraries and diagnostic tools.
Regards,
SRF
--
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209
More information about the cypherpunks-legacy
mailing list