Buffer overruns - sci.crypt

The old Google Groups will be going away soon, but your browser is incompatible with the new version.

« Groups Home

sci.crypt

Discussions

+ new post

About this group

Subscribe to this group

This is a Usenet group - learn more

Message from discussion Buffer overruns

D. J. Bernstein

View profile

More options Jan 15 2005, 7:38 pm

Newsgroups: sci.crypt, comp.security.unix

From: "D. J. Bernstein" <d...@cr.yp.to>

Date: Sun, 16 Jan 2005 00:38:02 +0000 (UTC)

Local: Sat, Jan 15 2005 7:38 pm

Subject: Re: [Lit.] Buffer overruns

Print | View thread | Show original | Report this message | Find messages by this author

I often see people saying ``Nobody has produced an invulnerable software
system; therefore, nobody will ever produce an invulnerable software
system.''

By the same bogus reasoning, nobody will ever reach Mars; nobody will
ever find MD5 collisions; nobody will ever cure cancer; nobody will ever
prove the Poincare conjecture; nobody will ever clone a human; nobody
will ever build a 1GHz CPU; nobody will ever find SHA-1 collisions;
nobody will ever break the sound barrier; etc.

David Wagner wrote:
> The goal is to reduce the risk of security flaws; eliminating the
> risk is probably infeasible.

Do you have any justification for the latter statement?

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy

Account Options