|
|
|
|
|
|
by flatline
4087 days ago
|
|
|
C/C++ are going to be tied to some runtime libraries but that doesn't seem like as big an externality as being tied to a particular version of an entire VM. You may prevent certain classes of of programming error with a memory-managed language but at the cost of fine-grained control of your memory, and when it comes to security software in general and key management in particular you expose yourself to a whole other set of issues with managed memory. C/C++ are also highly portable, arguably moreso than Java (and certainly moreso than C#). They seem like the safest choice in many ways. |
|
|
And Rust gives you fine-grained memory control without sacrificing safety -- unlike the others it has no garbage collector, and instead proves allocation safety at compile time. In Rust you can know for sure exactly where your key has been copied and when it will get deallocated (to the extent that any program running in virtual memory on normal hardware can know that).
Although I agree that these are the less mature choices, and it's reasonable to reject them for that reason.