[Cryptography] It's all K&R's fault
Bear
bear at sonic.net
Sat Apr 19 19:59:38 EDT 2014
On Sat, 2014-04-19 at 18:10 -0400, Benjamin Kreuter wrote:
> On Fri, 2014-04-18 at 18:54 -0400, Jerry Leichter wrote:
> > And yet the fact of the matter is that some of the most reliable code
> > out there is written in C.
>
> This is a non-sequitur. Sure, it is *possible* to write reliable and
> secure code in C, it is just difficult to do.
>
> > What's important isn't the language as such, and it's been proven over
> > and over again that it's possible to write unsafe code in any
> > language.
>
> "Possible" is not the same as "probable." I have far less confidence in
> the security or reliability of C or C++ programs than programs written
> in Haskell or ML. It's not that Haskell is a guarantee of security,
> it's that the effort needed to avoid certain classes of errors is
> substantially reduced.
There are different aspects of security that are important here.
I am more confident that someone will not be able to get an application
written in Haskell or ML to do other than behave as its writer intended.
That is important in terms of security.
I am more confident that someone writing in C will be able to create an
application that doesn't leave copies of information you want private
sitting around the system in public places. That is also important in
terms of security.
Now, if only I could be confident that the person writing in C had
*BOTHERED* to write an application that doesn't leave copies of
confidential information lying around, I'd feel better. But the person
writing in Haskell or ML, literally CANNOT avoid leaving copies of
data values lying around in memory.
Bear
More information about the cryptography
mailing list