crypto for the average programmer

Richard Levitte - VMS Whacker richard at levitte.org
Mon Dec 19 04:39:21 EST 2005


In message <d4f1333a0512190112n47df8924mc83e2045d9660e21 at mail.gmail.com> on Mon, 19 Dec 2005 03:12:16 -0600, "Travis H." <solinym at gmail.com> said:

solinym> On 12/19/05, Richard Levitte - VMS Whacker <richard at levitte.org> wrote:
solinym> > unsigned char foo[8];
solinym> >
solinym> > (no, it isn't foolproof, but close enough after 1 second
solinym> > of thought).
solinym> 
solinym> I think C guarantees that a char is a byte, but exactly how
solinym> wide that is is processor-dependent.  IIRC, some of the
solinym> machines it was developed on had less than 8 bits per byte,
solinym> but I could be wrong.

Nope, you're right.  For example, on old PDP-10 and DEC-20, you'd have
5 7-bit chars in each 36-bit int.  Not entirely sure how unsigned
chars were implemented, though...

solinym> Surely a smaller byte is antiquated, but a wider char is
solinym> certainly conceivable.

Yup, I realised all that, hence "it isn't foolproof".

solinym> OTOH, if C was truly as portable as is claimed, GNU autoconf
solinym> wouldn't exist.

It's true that the proliferation of incompatible header standards and
platform-specific libraries has made things harder, as well as the
differing size and characteristics of some of the types.  Still,
because there's a way to build conditional code in a way that works on
all platforms, I still think it's among the more portable languages.
Not saying it's perfect, far from it, but I've yet to see another
language that has similar characteristics.

solinym> Scripts are fairly portable; I can run bash scripts in
solinym> cygwin,  I can run perl scripts using activeperl.  None have
solinym> required modification so far,

Yeah, for crypto stuff, I must say that I don't find bash or perl to
be strong candidates, at least at the lowest level.

solinym> though some use libraries ("modules") that aren't available
solinym> on the target.

Uhmm, isn't that what you'd use GNU autoconf for?  In my experience,
GNU autoconf is mostly used to figure out what the environment is
composed of, what libraries are available and things like that.

solinym> I realized halfway through this that I was thinking of
solinym> applications that use crypto, and not crypto algorithms per
solinym> se.

Oh...  when you started this thread by talking about rewriting C
libraries to something less error prone, I didn't imagine you were
talking about the higher levels of functionality.  I believe a lot of
languages have a layer to interface with the lower level C libraries,
and I know that at least Perl, Python and Ocaml have interfaces to the
crypto algorithms in OpenSSL.

solinym> But pretty much we sound like we're in agreement on most
solinym> things.

Well, at least that C sucks :-).

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte                         richard at levitte.org
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
						-- C.S. Lewis

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
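
Added example, not part of the original message or of any project named in it: the thread's caveat about `unsigned char foo[8]` is that ISO C only guarantees CHAR_BIT >= 8, so the array is not guaranteed to be exactly 64 bits wide. The C code below treats each element as one octet by masking, so the buffer carries exactly 64 bits whatever the char width; the function names are hypothetical and the sample value is constructed.

```c
#include <limits.h>
#include <stdio.h>

/* ISO C guarantees CHAR_BIT >= 8, not == 8; reject anything narrower. */
#if CHAR_BIT < 8
#error "CHAR_BIT < 8: not a conforming ISO C implementation"
#endif

/* Store v as 8 octets, most significant first, one octet per element.
 * Masking keeps every element in 0..255 even where a char is wider. */
void store_be64(unsigned char out[8], unsigned long long v)
{
    for (int i = 7; i >= 0; i--) {
        out[i] = (unsigned char)(v & 0xFFu);
        v >>= 8;
    }
}

/* Rebuild the value; masking again discards any bits above the low 8
 * that an element could hold on a platform with wider chars. */
unsigned long long load_be64(const unsigned char in[8])
{
    unsigned long long v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | (unsigned long long)(in[i] & 0xFFu);
    return v;
}

/* Hypothetical helpers for checking: one stored octet, and a round trip. */
unsigned octet_at(unsigned long long v, int idx)
{
    unsigned char foo[8];
    store_be64(foo, v);
    return foo[idx];
}

unsigned long long roundtrip(unsigned long long v)
{
    unsigned char foo[8];
    store_be64(foo, v);
    return load_be64(foo);
}

int main(void)
{
    printf("CHAR_BIT=%d, round trip %s\n", CHAR_BIT,
           roundtrip(0x0102030405060708ULL) == 0x0102030405060708ULL ? "ok" : "BAD");
    return 0;
}
```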