[19317] in cryptography@c2.net mail archive
Re: crypto for the average programmer
daemon@ATHENA.MIT.EDU (Travis H.)
Sun Dec 18 22:57:51 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sun, 18 Dec 2005 21:56:11 -0600
From: "Travis H." <solinym@gmail.com>
To: Bill Stewart <bill.stewart@pobox.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <6.2.1.2.0.20051217220040.037c0648@pop.idiom.com>
Anytime someone wants to rewrite a C library in a language less prone
to buffer overflows, I'm totally for it. Some say that "it's not the
library, it's the programmer", but I think that denies human factors.=20
C simply requires too much machinery on top of it to use it securely.
It is possible to write secure C code, much as it is possible to write
portable C code, but it requires discipline, and C makes it marginally
harder to use new constructs than native ones. C's string libraries
in particular are so complex to use securely that OpenBSD rewrote
them. And unlike portability, one cannot create a test that assures
that you have coded securely.
And yet cryptographers continue to write in C.
HHLs have their problems; in an interpreted language with immutable
strings, it may be hard to overwrite a crypto key. However, these
kinds of problems do not account for 50% of the current
vulnerabilities the way buffer overflows do.
--
http://www.lightconsulting.com/~travis/ -><- P=3DNP if (P=3D0 or N=3D1)
"My love for mathematics is like 1/x as x approaches 0."
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
