>> We can significantly reduce that liability by removing any assembler >> optimisations. Also just because something is available doesn't mean it >> has to be "default". We can have good defaults whilst keeping old crypto. > > Zooko Wilcox O'Hearn recently gave a talk at a software assurance > conference on the downsides of assembly language routines in software. > I'm trying to locate it now. All in all, this is probably a move in > the right direction, especially for non-contemporary algorithms, to > help sunset them and maintain them with minimal effort. My bad... I just talked to Zooko about the presentation. He was not able to attend the conference, so there is no presentation to link to. However, here is the write-up in the Tahoe-LAFS Bug Reporter: https://tahoe-lafs.org/trac/pycryptopp/ticket/85#comment:20. It makes the case for No-ASM. (And was the corpus of knowledge for the presentation). Jeff
