Re: Paging all Pluto users / new maintainer

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Paging all Pluto users / new maintainer
From: Rob Kendrick <rjek@...>
Date: Tue, 27 Nov 2012 17:01:33 +0000

On Tue, Nov 27, 2012 at 05:59:04PM +0100, Frank Meier-Dörnberg wrote:
> Am 27.11.2012 14:07, schrieb Rob Kendrick:
> >...
> >Yes.  I'd be interested in hearing your plans for byte code
> >verification; as far as I can tell it is a halting problem, and the
> >false sense of security it might provide is one of the reasons it was
> >removed from Lua 5.2.
> >...
> >
> +1 to this explanation.
> 
> I would say:
> It is not possible to guarantee sane byte code (particular if it is
> created in bad faith)
> but it should possible to guarantee to know who is the creator of
> the byte code (by cryptographic signing)
> So, my question is: What is meant by "secure (byte) code"? What kind
> or level of security is aimed?

An HMAC might be sufficient if the aim is to only load what you saved,
and you're receiving it over a network.

B.

References:
- Paging all Pluto users / new maintainer, Stefan Reich
- Re: Paging all Pluto users / new maintainer, Rob Kendrick
- Re: Paging all Pluto users / new maintainer, Frank Meier-Dörnberg

Prev by Date: Re: Paging all Pluto users / new maintainer
Next by Date: [ANN] bencode-2.0
Previous by thread: Re: Paging all Pluto users / new maintainer
Next by thread: Re: Paging all Pluto users / new maintainer
Index(es):
- Date
- Thread