
Subject: Re: [boost] [xint] Boost.XInt formal review
From: Chad Nelson (chad.thecomfychair_at_[hidden])
Date: 2011-03-11 19:51:00


On Fri, 11 Mar 2011 11:28:25 -0600
Nevin Liber <nevin_at_[hidden]> wrote:

>> Airtight security is a hard problem that requires massive amounts of
>> time and attention to get right, and is best reserved for programs
>> that absolutely require it.
>
> Forget about airtight. What guarantees are you making that the memory
> has been zeroed in the presence of an aggressive optimizer? [...]

That was brought up during the review this week. I plan to implement
much safer zeroing code than is presently in there now, and provide a
way for people to add their own if they feel that my implementation is
insufficient.

> This stuff is hard to get right. You are better off not implementing
> it.

On the contrary. It's *because* it's hard to get right that it belongs
in a library.

-- 
Chad Nelson
Oak Circle Software, Inc.
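
The concern raised in this exchange is that an optimizer may delete a plain zeroing loop or memset on a buffer that is about to be freed, since the stores look dead. The following is an added example, not code from this message or from Boost.XInt, of a zeroing routine that resists that elimination together with a hook for substituting another one; every name in it (volatile_zero, set_zeroer, secure_digits, counting_zero) is hypothetical.

```cpp
#include <cstddef>
#include <vector>

// All names are hypothetical; this is not Boost.XInt's API.
using zero_fn = void (*)(void* p, std::size_t n);

// Default zeroer: stores go through a volatile-qualified pointer, which
// mainstream compilers do not elide, followed by a compiler barrier on
// GCC/Clang so the stores cannot be reordered past the deallocation.
inline void volatile_zero(void* p, std::size_t n) {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    while (n--) *vp++ = 0;
#if defined(__GNUC__) || defined(__clang__)
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

// Replaceable hook so callers can install their own routine
// (for example one wrapping a platform-specific secure-zero call).
inline zero_fn& zeroer() { static zero_fn f = &volatile_zero; return f; }
inline zero_fn set_zeroer(zero_fn f) { zero_fn old = zeroer(); zeroer() = f; return old; }

// Helper for checking a buffer in tests.
inline bool all_zero(const void* p, std::size_t n) {
    const unsigned char* b = static_cast<const unsigned char*>(p);
    for (std::size_t i = 0; i < n; ++i) if (b[i]) return false;
    return true;
}

// Fixed-size digit buffer that wipes itself before its storage is released.
// Size is fixed at construction: a growing vector would reallocate and leave
// unwiped copies of the digits behind. Copying is disabled for the same reason.
class secure_digits {
    std::vector<unsigned> d_;
public:
    secure_digits(std::size_t n, unsigned fill) : d_(n, fill) {}
    secure_digits(const secure_digits&) = delete;
    secure_digits& operator=(const secure_digits&) = delete;
    ~secure_digits() { wipe(); }
    void wipe() { if (!d_.empty()) zeroer()(d_.data(), bytes()); }
    const unsigned* data() const { return d_.data(); }
    std::size_t bytes() const { return d_.size() * sizeof(unsigned); }
};

// Demo replacement zeroer: counts calls, then delegates to the default.
static std::size_t g_calls = 0;
inline void counting_zero(void* p, std::size_t n) { ++g_calls; volatile_zero(p, n); }
```

This only covers the buffer itself; copies of the value left in registers, on the stack, or in swapped-out pages are outside what such a routine can reach.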


