[cryptography] To Virtualise or Not?

ianG iang at iang.org
Wed Feb 22 18:07:18 EST 2012


On 22/02/12 17:39 PM, Marsh Ray wrote:

>> "Please help with 'it.'"
>
> I think I looked at it briefly a year or two ago and, frankly, where I
> got hung up was that it was written in Java.
>
> I hate to be a purist, but I just feel uncomfortable with crypto code
> written in a language that doesn't have guaranteed constant-time
> operations (e.g. string comparisons) or secure memory overwrite functions.


Um.  I feel exactly the reverse.  I feel uncomfortable with crypto code 
written in languages that guarantee buffer overflows, stack busting 
attacks, loose semantics at data and calling levels, a 5 x developer 
penalty, and an obsession about the metal not the customer.


> Could be worse I suppose. Some days it seems that Javascript crypto is
> inevitable.

Even I haven't gone that far :)  I should tho.

iang



More information about the cryptography mailing list