[pycrypto] the sad state of pycrypto

Sergey Chernov sergey.chernov at thrift.ru
Tue Nov 11 05:27:40 CST 2008

If the problem is to avoid buffer overrun in C code and it worth  
thinking of other languages, try C++. For example, pycrypto C++  
extension interface may provide safe (handcoded) buffer and vector  
classes (templates) which could be as safe against overruns as  
language-backed arrays as in higher level languages. Requirement to  
use these vector/buffer implementations for future implementation may  
be better solution than adding another language to C/Python. As C++ is  
integrated with C compiler on absolutely most platforms and is  
supported by setuptools be default, we can assume that C++ is already  
supported in any python C extension.

Moreover, proper C++ infrastructure could make extension writing  
process quite streamlined and easy and force developers to use safe  
and wise techniques.

Sergey Chernov
sergey.chernov at thrift.ru

09.11.2008, в 18:34, Dwayne C. Litzenberger написал(а):

> Cryptography is a waste of time if an attacker can make your program  
> run arbitrary code, thanks to a buffer overflow or other subtle bug.  
> I am hesitant to add new algorithms to PyCrypto until they can be  
> developed in a more trustworthy fashion.
> (I'm toying with the idea of a restricted subset of C that requires  
> all arrays to be of size 2**n, and requires the appropriate bit-wise  
> AND whenever indexing the array.  However, an implementation is a  
> long way off.  I'm also interested in languages like D and BitC, but  
> I'm not sure about the maturity of their compilers.  I could use  
> help here.)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2193 bytes
Desc: not available
Url : http://lists.dlitz.net/pipermail/pycrypto/attachments/20081111/823c8342/attachment.bin 

More information about the pycrypto mailing list