On 2-4-2013 10:08, Mark Morgan Lloyd wrote: > Reinier Olislagers wrote: >> On 2-4-2013 5:13, Noah Silva wrote: > Depends. If you're using (say) a hash function to store a token in lieu > of a password then the important thing is that this behaves consistently > across platforms and program versions. If an external library eliminated > a potential security flaw (the most common case being when null text was > processed) that might be significant in the case of key scheduling for > data transfer over an insecure channel, but not for purely local storage.
Well, yes. But you can hardly limit use of the function to local storage only. > As usual, there's little substitute for the original programmer knowing > what he's doing, and for him documenting what he's done so that > maintainers know what sort of external event can cause an issue. ... and prove it works/interoperates by including a test set, as I think Silvio has done. _______________________________________________ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-pascal
