lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Tue, Nov 27, 2012 at 05:59:04PM +0100, Frank Meier-Dörnberg wrote:
> Am 27.11.2012 14:07, schrieb Rob Kendrick:
> >...
> >Yes.  I'd be interested in hearing your plans for byte code
> >verification; as far as I can tell it is a halting problem, and the
> >false sense of security it might provide is one of the reasons it was
> >removed from Lua 5.2.
> >...
> >
> +1 to this explanation.
> 
> I would say:
> It is not possible to guarantee sane byte code (particular if it is
> created in bad faith)
> but it should possible to guarantee to know who is the creator of
> the byte code (by cryptographic signing)
> So, my question is: What is meant by "secure (byte) code"? What kind
> or level of security is aimed?

An HMAC might be sufficient if the aim is to only load what you saved,
and you're receiving it over a network.

B.