Subject: Re: [boost] [xint] Boost.XInt formal review
From: Chad Nelson (chad.thecomfychair_at_[hidden])
Date: 2011-03-11 19:51:00
On Fri, 11 Mar 2011 11:28:25 -0600
Nevin Liber <nevin_at_[hidden]> wrote:
>> Airtight security is a hard problem that requires massive amounts of
>> time and attention to get right, and is best reserved for programs
>> that absolutely require it.
>
> Forget about airtight. What guarantees are you making that the memory
> has been zeroed in the presence of an aggressive optimizer? [...]
That was brought up during the review this week. I plan to implement
much safer zeroing code than is presently in there now, and provide a
way for people to add their own if they feel that my implementation is
insufficient.
> This stuff is hard to get right. You are better off not implementing
> it.
On the contrary. It's *because* it's hard to get right that it belongs
in a library.
--
Chad Nelson
Oak Circle Software, Inc.
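
The two points in this exchange (zeroing that survives an aggressive optimizer, and a way for users to supply their own routine), sketched as an added example that is not part of the original message and is not Boost.XInt's code. Every name in it (`zero_fn`, `set_zero_hook`, `secure_zero`, `secret_buffer`, `counting_zero`) is hypothetical.

```cpp
#include <cstddef>
#include <cstring>

// All names here are hypothetical; none of this is Boost.XInt's interface.
using zero_fn = void (*)(void*, std::size_t);

// Fragile pattern: when the buffer is never read again, the compiler may
// treat this memset as a dead store and remove it entirely.
inline void naive_zero(void* p, std::size_t n) { std::memset(p, 0, n); }

// Default wipe: stores through a volatile lvalue are observable behaviour,
// so the optimizer has to emit each one.
inline void volatile_zero(void* p, std::size_t n) {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    for (std::size_t i = 0; i < n; ++i) vp[i] = 0;
}

// Replaceable hook, so a caller can substitute a platform primitive
// (SecureZeroMemory, explicit_bzero, memset_s) where one is available.
inline zero_fn& zero_hook() { static zero_fn fn = &volatile_zero; return fn; }
inline zero_fn set_zero_hook(zero_fn fn) {
    zero_fn old = zero_hook();
    zero_hook() = fn ? fn : &volatile_zero;  // null restores the default
    return old;
}
inline void secure_zero(void* p, std::size_t n) {
    if (p && n) zero_hook()(p, n);
}

// Owner of sensitive digits: wipes through the hook before freeing.
class secret_buffer {
public:
    explicit secret_buffer(std::size_t n) : data_(new unsigned char[n]()), size_(n) {}
    ~secret_buffer() { secure_zero(data_, size_); delete[] data_; }
    secret_buffer(const secret_buffer&) = delete;
    secret_buffer& operator=(const secret_buffer&) = delete;
    unsigned char* data() { return data_; }
    std::size_t size() const { return size_; }
private:
    unsigned char* data_;
    std::size_t size_;
};

// Sample replacement hook (constructed for the demo): counts bytes wiped.
inline std::size_t& wiped_bytes() { static std::size_t n = 0; return n; }
inline void counting_zero(void* p, std::size_t n) { wiped_bytes() += n; volatile_zero(p, n); }
```

The volatile loop only forces the stores on the buffer it is given; copies the compiler left in registers or spilled to the stack are outside its reach.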