[Cryptography] I don't get it.

Phillip Hallam-Baker hallam at gmail.com
Tue Apr 15 17:37:16 EDT 2014


On Tue, Apr 15, 2014 at 11:46 PM, Peter Fairbrother
<zenadsl6186 at zen.co.uk> wrote:
> I  don't get it.
>
> Apple has an unreachable code goto, and it hurts security. OpenSSL has a
> bounds check failure, and it hurts security (and even OpenBSD gets another
> hole).
>
> (no, I am not a fan of Theo's security stance - but it has been better that
> most)
>
> But as far as I can see, almost all of the big holes in the last ten years
> could have been caught by good code checkers.

Human or machine?


> I am no expert in bugs, but it seems to me that about 99% of the reported
> security bugs and holes and so-on could be solved by having a secure
> checking compiler. Which checked for most of the known holes, or perhaps
> just even the top five.

Certainly some good coding standards would help. Like always zero all
memory before returning it in malloc, always zero memory with critical
data before freeing it.


But we have a big problem with C and it is not going to go away with
any of the current upgrade paths people are looking at. Java and C#
are much better but only when all the code is managed code. And they
both require runtime baggage that comes with a truckload of IP issues.
Microsoft .NET is OK but I can't really ship code that depends on
Mono.

C++ is utterly ludicrous, it is vastly worse than C in every respect.
It comes with a large amount of baggage, the code is incomprehensible
when people actually try to use the botched object system.

Which is why I have been working in C and C# for quite a while. But I
still really want a language that allows me to make unencumbered
standalone executable files. One option that might actually be viable
as a consensus for that specific purpose would be Objective C. It adds
an object model to C without the nonsense and incomprehensibility of
C++.




-- 
Website: http://hallambaker.com/


More information about the cryptography mailing list