'Allan Latham' <alatham,AT,flexsys-group,DOT,com>, cipe-l,AT,inka,DOT,de|
RE: About Peter Gutmann's critique of CIPE|
David Brodbeck <DavidB,AT,mail,DOT,interclean,DOT,com>|
Fri, 26 Sep 2003 10:19:14 -0400|
> -----Original Message-----
> From: Allan Latham [mailto:alatham,AT,flexsys-group,DOT,com
> In many cases it makes good sense to offload functionality to
> libraries - this is not such a case. CIPE contains a correct
> of all the crypto functionality it needs. Absolutely nothing
> is gained by
> delegating this to a library function.
I'm not sure I agree with this argument. Can you be *sure* that your
implementation is more correct than any library version?
The example I'm thinking of here is the zlib buffer overflow. Programs that
used the shared library were easy to fix just by replacing the library.
Unfortunately a lot of people didn't want to rely on the library, and had
cut-and-pasted the code into their own software, security hole and all.
Those programs are *still* being tracked down and fixed, while the ones that
simply used the library instead of reinventing the wheel are secure.