[148696] in cryptography@c2.net mail archive
Re: [Cryptography] how reliably do audits spot backdoors?
daemon@ATHENA.MIT.EDU (Benjamin Kreuter)
Wed Dec 25 14:48:40 2013
Date: Wed, 25 Dec 2013 12:35:21 -0500
From: Benjamin Kreuter <brk7bx@virginia.edu>
To: jamesd@echeque.com
In-Reply-To: <52BA8FDE.5020306@echeque.com>
Cc: cryptography@metzdowd.com
On Wed, 25 Dec 2013 17:57:18 +1000
"James A. Donald" <jamesd@echeque.com> wrote:
> >>> So the fact that it is possible for the sum of two positive
> >>> integers to be a negative number is idiomatic?
>
> > "James A. Donald" <jamesd@echeque.com> wrote:
> >> To me that is totally intuitive and natural,
>
> On 2013-12-25 11:48, Benjamin Kreuter wrote:
> > 1. You just referred to *undefined behavior* as "intuitive."
>
> That the sum of two positive numbers is a negative number is defined
> behavior, word length being defined.
Signed integer overflow is undefined behavior in C.
> >> You get the higher level language problem that the libraries are
> >> slightly different on each machine, which results in nightmare
> >> installations.
>
> > Are you claiming that the situation is worse than it is in C?
>
> Observe, that pretty much every program written in C simply installs,
> and pretty much every program written in python simply does not.
Really? Installing C programs is generally a matter of following this
pattern:
./configure
(find missing dependency)
./configure
(find missing dependency of dependency)
make
(figure out why it didn't compile)
make
make install
./configure
(find another missing dependency)
Is that what you call "simply installing?" I call that a nightmare of
tracking down libraries and dependencies, no different from the
nightmare one would face with software written in any other language.
That is why so much effort was put into repository systems and
installer programs.
-- Ben
-- 
Benjamin R Kreuter
KK4FJZ
--
"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell
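Added example, not part of the original message: the signed-overflow point argued in the reply above, written out in C. The function names checked_add, wrapping_add and broken_check are hypothetical, chosen for this illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Portable checked addition: the operands are tested BEFORE adding, so
 * the signed addition is only evaluated when it cannot overflow. */
bool checked_add(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;   /* a + b would overflow: undefined behavior in C */
    *out = a + b;
    return true;
}

/* Unsigned arithmetic is different: the C standard defines it to wrap
 * modulo UINT_MAX + 1, so this is well defined for all inputs. */
unsigned wrapping_add(unsigned a, unsigned b)
{
    return a + b;
}

/* Anti-pattern, shown for contrast and never called with overflowing
 * inputs here: the test only works if the overflow has already happened.
 * Because that overflow is undefined, a compiler may assume it cannot
 * occur and fold the comparison to "false". */
bool broken_check(int a, int b)
{
    return b > 0 && a + b < a;
}

int main(void)
{
    int sum = 0;

    /* Constructed sample inputs. */
    if (checked_add(INT_MAX, 1, &sum))
        printf("INT_MAX + 1 = %d\n", sum);
    else
        printf("INT_MAX + 1 rejected: would overflow\n");

    if (checked_add(40, 2, &sum))
        printf("40 + 2 = %d\n", sum);

    printf("UINT_MAX + 1u wraps to %u\n", wrapping_add(UINT_MAX, 1u));
    return 0;
}
```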