[cryptography] To Virtualise or Not?
iang at iang.org
Thu Feb 23 17:44:04 EST 2012
On 23/02/12 11:16 AM, James A. Donald wrote:
> On 2012-02-23 9:07 AM, ianG wrote:
>> Um. I feel exactly the reverse. I feel uncomfortable with crypto code
>> written in languages that guarantee buffer overflows, stack busting
>> attacks, loose semantics at data and calling levels, a 5 x developer
>> penalty, and an obsession about the metal not the customer.
> Language wars are off topic, but ...
Well, yes and no. If this is a theoretical group, then sure.
If however there is a shred of practicality here, no. Understanding
what happens in the real world is critical to delivering useful crypto:
We can wax on about the esoterics of some new mode, but all algorithms
have to pass the coder test as well.
> They had this debate at google, wherein they discovered that good java
> developers could not reliably estimate the way in which java code
> scaled, but that good C++ programmers could reliably estimate the way in
> which C++ code scaled. Since incorrect scaling behavior can bring google
> to its knees ...
Yeah sure. Causality and correlation. The underlying driver here is
that Java coders produce more because they don't need to know as much.
C++ coders might be better at understanding what they produce, but
that's mostly because they have to. C++ is more clunky, it's more
"engineering". They have to know more about that which has been
abstracted away elsewhere.
Is this a benefit or a cost? It's as they say, it's a nice problem to have.
> My C++ code does not have buffer overflows, nor does it ever store
> potentially hostile data of unlimited size, nor does it ever casually
> impose types on void pointers
;-) and most companies' C++ code is written by coders that would like to
say the same thing, but are unsure why it is important. Java
programmers know less and are busy elsewhere.
It's the same debate between Airbus and Boeing pilots... It may be true
that Boeings fly more like real planes, but Airbuses are easier to train
pilots for. Guess which one wins out in the end?
More information about the cryptography