[Cryptography] [cryptography] Is it time for a revolution to replace TLS?
Tony Arcieri
bascule at gmail.com
Fri Apr 25 12:28:47 EDT 2014
On Fri, Apr 25, 2014 at 1:42 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>wrote:
> As with "let's replace C with My Pet Programming Language", you can
> write crap in any language you want. The problem isn't the language
There's an entire class of memory safety bugs which are possible in C but
not possible in Rust. These also happen to be the class of bugs that lead
to Heartbleed-like secret leakage or remote code execution vulnerabilities.
The problem is very much the language. C has too many sharp edges to write
crypto code safely.
Heartbleed has also done a great job of illustrating that all the band-aids
they try to put on these sharp edges are also flawed.
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140425/837f32ce/attachment.html>
More information about the cryptography
mailing list