[Cryptography] defaults, black boxes, APIs, and other engineering thoughts
John Gilmore
gnu at toad.com
Mon Jan 6 15:13:22 EST 2014
> +1 on the competition approach, all the above.
>
> Why not narrow it down? PDF however is a huge project. Pick the one
> thing that we all seem to revert to in any secure code discussion:
>
> buffer overflows in C.
>
> Design the mod to current C language/libraries that best addresses the
> syndrome.
This has already been done. No change to the C language or libraries
is required; the ANSI C committee was diligent in defining the
language to only work when your reach didn't exceed your grasp.
"Saber C" and "valgrind" already implement this. Saber C is now known
as CodeCenter, and its C++ variant is ObjectCenter. It is a
commercial product of Integrated Computer Solutions, which bought it
from Centerline Software and now seems to have stuck it on a shelf:
https://www.cs.cmu.edu/afs/cs.cmu.edu/academic/class/15211/spring.96/www/tutorial.html
http://motif.ics.com/products/codecenter
> Open competition. No rules. Big prize of open endowment for
> academic/research project... (Format already known & practiced.)
You will need rules. If only that "the awarding of the prize will
be at the entire discretion of XXXX". Else we'd just be handing
the prize to a twenty year old compiler (CodeCenter) that's sitting
on a dusty shelf without anyone using it.
> Anyone got a spare mil?
I may know where one can be found, for a good competition.
John
More information about the cryptography
mailing list