[cryptography] To Virtualise or Not?

ianG iang at iang.org
Wed Feb 22 18:07:18 EST 2012

On 22/02/12 17:39 PM, Marsh Ray wrote:

>> "Please help with 'it.'"
> I think I looked at it briefly a year or two ago and, frankly, where I
> got hung up was that it was written in Java.
> I hate to be a purist, but I just feel uncomfortable with crypto code
> written in a language that doesn't have guaranteed constant-time
> operations (e.g. string comparisons) or secure memory overwrite functions.

Um.  I feel exactly the reverse.  I feel uncomfortable with crypto code 
written in languages that guarantee buffer overflows, stack busting 
attacks, loose semantics at data and calling levels, a 5 x developer 
penalty, and an obsession about the metal not the customer.

> Could be worse I suppose. Some days it seems that Javascript crypto is
> inevitable.

Even I haven't gone that far :)  I should tho.


More information about the cryptography mailing list