[cryptography] To Virtualise or Not?
iang at iang.org
Wed Feb 22 18:07:18 EST 2012
On 22/02/12 17:39 PM, Marsh Ray wrote:
>> "Please help with 'it.'"
> I think I looked at it briefly a year or two ago and, frankly, where I
> got hung up was that it was written in Java.
> I hate to be a purist, but I just feel uncomfortable with crypto code
> written in a language that doesn't have guaranteed constant-time
> operations (e.g. string comparisons) or secure memory overwrite functions.
Um. I feel exactly the reverse. I feel uncomfortable with crypto code
written in languages that guarantee buffer overflows, stack busting
attacks, loose semantics at data and calling levels, a 5 x developer
penalty, and an obsession about the metal not the customer.
Even I haven't gone that far :) I should tho.
More information about the cryptography