<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: cipe-l,AT,inka,DOT,de
Subject: Re: About Peter Gutmann's critique of CIPE
From: Allan Latham <alatham,AT,flexsys-group,DOT,com>
Date: Fri, 26 Sep 2003 16:43:15 +0200
In-reply-to: <C823AC1DB499D511BB7C00B0D0F0574C584153@serverdell2200.interclean.com>
References: <C823AC1DB499D511BB7C00B0D0F0574C584153@serverdell2200.interclean.com>


forgive me for being pedantic but there are no degrees of correctness.

Either the routines are correct or they are not. In CIPE they are small and 
are confined only to those necessary for the product. They are open to 
inspection and small enough to understand.

I would rather put my faith in that than in a big general purpose library 
where the routines needed by CIPE are a tiny fraction of the total.

Further general purpose libraries are subject to change without notice. What 
appears to be an unrelated bugfix may introduce a bug elsewhere.

Best regards


On Friday 26 September 2003 16:19, David Brodbeck wrote:
> > -----Original Message-----
> > From: Allan Latham [mailto:alatham,AT,flexsys-group,DOT,com
> >
> > In many cases it makes good sense to offload functionality to
> > standard
> > libraries - this is not such a case. CIPE contains a correct
> > implementation
> > of all the crypto functionality it needs. Absolutely nothing
> > is gained by
> > delegating this to a library function.
> I'm not sure I agree with this argument.  Can you be *sure* that your
> implementation is more correct than any library version?
> The example I'm thinking of here is the zlib buffer overflow.  Programs
> that used the shared library were easy to fix just by replacing the
> library. Unfortunately a lot of people didn't want to rely on the library,
> and had cut-and-pasted the code into their own software, security hole and
> all. Those programs are *still* being tracked down and fixed, while the
> ones that simply used the library instead of reinventing the wheel are
> secure.

<< | Thread Index | >> ]    [ << | Date Index | >> ]