[pycrypto] the sad state of pycrypto
Sergey Chernov
sergey.chernov at thrift.ru
Tue Nov 11 05:27:40 CST 2008
If the problem is to avoid buffer overrun in C code and it worth
thinking of other languages, try C++. For example, pycrypto C++
extension interface may provide safe (handcoded) buffer and vector
classes (templates) which could be as safe against overruns as
language-backed arrays as in higher level languages. Requirement to
use these vector/buffer implementations for future implementation may
be better solution than adding another language to C/Python. As C++ is
integrated with C compiler on absolutely most platforms and is
supported by setuptools be default, we can assume that C++ is already
supported in any python C extension.
Moreover, proper C++ infrastructure could make extension writing
process quite streamlined and easy and force developers to use safe
and wise techniques.
Sergey Chernov
sergey.chernov at thrift.ru
09.11.2008, в 18:34, Dwayne C. Litzenberger написал(а):
> Cryptography is a waste of time if an attacker can make your program
> run arbitrary code, thanks to a buffer overflow or other subtle bug.
> I am hesitant to add new algorithms to PyCrypto until they can be
> developed in a more trustworthy fashion.
>
> (I'm toying with the idea of a restricted subset of C that requires
> all arrays to be of size 2**n, and requires the appropriate bit-wise
> AND whenever indexing the array. However, an implementation is a
> long way off. I'm also interested in languages like D and BitC, but
> I'm not sure about the maturity of their compilers. I could use
> help here.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2193 bytes
Desc: not available
Url : http://lists.dlitz.net/pipermail/pycrypto/attachments/20081111/823c8342/attachment.bin
More information about the pycrypto
mailing list