Re: Avoiding C++ Templates In Cipher Implementation

From: Brian Gladman (fake_at_nowhere.org)
Date: 06/09/03

• Next message: jsavard_at_ecn.ab.ca: "Re: Another history question was Re: Tunny and SIGABA"
• Previous message: Brian Gladman: "Re: The TDCAL License"
• In reply to: Russ Lyttle: "Re: Avoiding C++ Templates In Cipher Implementation"
• Next in thread: David Hopwood: "Re: Avoiding C++ Templates In Cipher Implementation"
• Reply: David Hopwood: "Re: Avoiding C++ Templates In Cipher Implementation"
• Reply: Russ Lyttle: "Re: Avoiding C++ Templates In Cipher Implementation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 9 Jun 2003 09:14:22 +0100

"Russ Lyttle" <lyttlec@earthlink.net> wrote in message
news:JevEa.39551$Io.3433932@newsread2.prod.itd.earthlink.net...
> Mok-Kong Shen wrote:
> > Russ Lyttle wrote:
> >
[snip]
> Code I write often must meet some combination of the following 3
> requirements. : (1) It must be easy to maintain; (2) It must be proven
> correct; or (3) it must be secure. Pick two.
> (1) requires readable source and easily debugged execuitables. That means
> any one can reverse engineer the object code. Thus less (3).
> Templates make it difficult to meet requirement (2) even though they help
> lots for meeting (1).
> The crypto I do has (3) more important than (2) and often does not have to
> meet (1) at all. The crypto algorithm must be correct.

So you are happy to have incorrect code as long as it is secure?

I personally doubt that (3) is achievable in the absense of (2) since
assurance of security to a certain standard of proof will require proof of
correctness to at least the same standard.

> Crypto devices should have lots of anti-tampering mechanisms. This is only
one.

This might be a requirement but it will not always be necessary.

   Brian Gladman

---

• Next message: jsavard_at_ecn.ab.ca: "Re: Another history question was Re: Tunny and SIGABA"
• Previous message: Brian Gladman: "Re: The TDCAL License"
• In reply to: Russ Lyttle: "Re: Avoiding C++ Templates In Cipher Implementation"
• Next in thread: David Hopwood: "Re: Avoiding C++ Templates In Cipher Implementation"
• Reply: David Hopwood: "Re: Avoiding C++ Templates In Cipher Implementation"
• Reply: Russ Lyttle: "Re: Avoiding C++ Templates In Cipher Implementation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: subroutine stack and C machine model ... C99 *is* the C Standard. ... Evaluation order is an implementation decision. ... but are you the autistic twerp to whom you are referring? ... (comp.lang.c) Re: Is microprocessor an integrated circuit??? ... <severe snip mode on> ... standard clearly defining a byte as not necessarily being eight bits. ... > what does ibm have to do with the official ... THe processor is not a microprocessor. ... (sci.electronics.design) Re: subroutine stack and C machine model ... The Standard ... who's read Schildt, not the Standard. ... Most compilers have left to right evaluation as it happens. ... (comp.lang.c) Re: How secure is software X? ... in my opinion a software can either be secure or not secure. ... to classify security like that would be to condemn every ... How in-depth a fuzzing to we apply for this standard? ... For example, SMTP servers have a pretty standard interface, ... (Bugtraq) Re: add a rudder to a kayak? ... >> views on kayaks and rudders. ... <snip blather> ... You mean there's no women that prefer driving standard? ... >> free to pose it. ... (rec.boats.paddle)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > sci.crypt  > 2003-06