Re: Avoiding C++ Templates In Cipher Implementation

From: Benjamin Goldberg (
Date: 06/10/03

Date: Mon, 09 Jun 2003 19:50:43 -0400

Ernst Lippe wrote:
> Benjamin Goldberg wrote:
>> Mok-Kong Shen wrote:
>>> Russ Lyttle wrote:
>>>> Indeed, there has to be a main() or nothing happens. But the final
>>>> code can be very optimized, compact, and hard to reverse engineer.
>>> I don't quite understand what's meant by 'hard to reverse
>>> engineer' in the present context.
>> In STL (and most other libraries using templates), the majority of
>> the methods have their bodies defined within the body of the class
>> definition. Thus, when we decompile code which uses an STL template,
>> we often don't see that a class is being used -- we merely see the
>> class's data, and the inlined method calls (not as subroutine calls,
>> just blocks of code).
>> If we uses stl templated algorithms... usually, helper classes
>> (predicates, generators, etc.) don't have much if any member data
>> (and often have just one or two methods, with the method bodies
>> defined within the helper class definition; and thus are inlineable,
>> and the helper class definition itself may be throw-away-able by the
>> compiler, if all uses of it/it's methods are inlined).
>> Because the compiler may throw away so much data, the resulting
>> binary program will have code which is quite opaque when we try to
>> decompile it.
[snip: inlined code doesn't make a binary program totally opaque]
> But on the whole I don't think that this security by obscurity is not
> a very important issue. Whatever you do, you don't stand any chance
> against a really motivated attacker.

Quite right. I was merely answering Mok's complaint that he didn't
understand what was meant by "hard to reverse engineer."

I never said that templates or inlined code protect against a truly
modivated attacker.

> Correctness of the program is far more important than this form of
> obscurity, so when using templates makes it more likely that your
> program contains errors they should be avoided.

Non sequiter. Correct code is correct code, incorrect code is incorrect
code. While I thoroughly understand how templates can complicate
reverse engineering of program binaries, I do *not* see how they prevent
proofs of correctness.

> Now given the fact that the semantics of templates are pretty
> complicated

I disagree with this. Or rather, some parts of the semantics of
templates are complicated, but you generally don't need to *use* those
parts, and can easily restrict yourself to those parts which aren't
complicated, without significant loss of flexibility. This is, of
course, MHO.

> and that many compilers have bugs in their implementations,
> there is a real probability that using templates will introduce bugs.

With this, however, I sadly agree.

$a=24;split//,240513;s/\B/ => /for@@=qw(ac ab bc ba cb ca
);{push(@b,$a),($a-=6)^=1 for 2..$a/6x--$|;print "$@[$a%6
]\n";((6<=($a-=6))?$a+=$_[$a%6]-$a%6:($a=pop @b))&&redo;}

Relevant Pages

  • Re: Cross platform C++ base library?
    ... I've been trying for some years now, but I really find the convoluted templates of STL to ... member names just for the map would have been a good idea... ... // Check if 'theKey' is a key stored in the map 'myMap' ...
  • InitUtil version 2 released
    ... A while back I wrote a little library of templates to aid in the ... purpose of setting up test cases while learning to use STL facilities. ... not quite ready for prime time wrt InitUtil... ... compile InitUtil version 2. ...
  • Re: trouble creating array of objects
    ... > I do see a lot of people using builtin arrays who are asking questions ... >>the STL. ... And I think a programmer should learn classes before templates, ...
  • Re: msvcp90d.dll and msvcr90d.dll
    ... STL is built with source code ... You don't _need_ the DLL. ... Standrad C++ library consists mostly, but not entirely, of templates. ...
  • Re: A really good reference on digital filters
    ... was broken in 1994 and I am sure it's still broken - templates ... to certain OO paradigms. ... template is daunting, very very daunting. ... The problem with the STL is that it was developed ...