[pro] Heartbleed?

Nathan Froyd froydnj at gmail.com
Fri Apr 25 20:42:13 UTC 2014


On Fri, Apr 25, 2014 at 4:20 PM, William Lederer
<william.lederer at gmail.com> wrote:
> Thus, I feel Lisp is better but not a total panacea.  For example, has the
> Ironclad library been examined by a cryptographer? Does it, for example, do
> constant-time comparisons to avoid timing leaks?

The answer to these (and many other questions of cryptographic
sophistication) is no.  Ironclad has many deficiencies that make it
unsuitable for serious cryptographic software.

I'm not sure that several constant-time checks can even be implemented
in Common Lisp without some serious assistance from and/or knowledge
of the implementation.

-Nathan




More information about the pro mailing list