[Cryptography] How programming language design can help us write secure crypto code
Dave Horsfall
dave at horsfall.org
Sun Nov 1 14:03:01 EST 2015
[ Subject line cleaned up a bit - FORGERY removed ]
On Sat, 31 Oct 2015, Bill Frantz wrote:
> As a programmer from the 1970s, I never expect the compiler to remove my
> paranoid tests as modern gcc seems to do. Of course, in the 1970s, most
> of my code was in assembler, where removal behind my back is much much
> less likely.
<AOL>
Me too...
</AOL>
Mind you, there was the FORTRANH compiler, which was so slow with its
optimisation that ordinary students weren't allowed to use it; we were
stuck with WATFIV, or FORTRANG if we behaved ourselves and learned to
write proper code (as if you could in FORTRAN anyway).
> I have always thought of C as a machine independent assembler. Having it
> remove code I have written completely blows that idea. And removing code
> is a poor way to trust the programmer.
Funny you should say that... I've always regarded C as a high-level
assembler, and I am astonished that people would think otherwise.
Quietly removing code from a security application is... not good... I'd
like to know how it can possibly be formally verified, if GCC subsequently
proceeds to stab you in the back.
--
Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."
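
Two well-known cases of the compiler behaviour discussed in this thread, as an added example that is not code from either poster: an overflow test written after the addition, which an optimising compiler may delete because signed overflow is undefined in C, beside a form it cannot delete, plus a buffer wipe that survives dead-store elimination. The thread does not say which tests were meant; the function names and the choice of cases are assumptions.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Paranoid test written the assembler way: add, then look for wrap-around.
 * Signed overflow is undefined behaviour in C, so an optimising compiler may
 * assume a + b never wraps and remove both branches. Shown for comparison
 * only; it is never called here with operands that overflow. */
int add_checked_fragile(int a, int b, int *out)
{
    int sum = a + b;                 /* undefined if it overflows */
    if (b > 0 && sum < a) return -1; /* may be optimised away */
    if (b < 0 && sum > a) return -1; /* may be optimised away */
    *out = sum;
    return 0;
}

/* Same intent, tested before the addition with operations that are always
 * defined, so the check has to stay in the generated code. */
int add_checked(int a, int b, int *out)
{
    if (b > 0 && a > INT_MAX - b) return -1;
    if (b < 0 && a < INT_MIN - b) return -1;
    *out = a + b;
    return 0;
}

/* A plain memset() on a buffer that is never read again can be dropped as a
 * dead store. Writes through a volatile pointer count as observable side
 * effects, so these stores are kept. */
void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

int main(void)
{
    int r = 0;
    unsigned char key[16] = { 0xAA, 0xBB, 0xCC }; /* constructed sample key */

    printf("1 + 2          -> rc=%d r=%d\n", add_checked(1, 2, &r), r);
    printf("INT_MAX + 1    -> rc=%d\n", add_checked(INT_MAX, 1, &r));
    printf("INT_MIN + (-1) -> rc=%d\n", add_checked(INT_MIN, -1, &r));
    wipe(key, sizeof key);
    printf("key[0] after wipe = %u\n", (unsigned)key[0]);
    return 0;
}
```

Comparing the assembly of `add_checked_fragile` at `-O0` and `-O2` (`gcc -S`) shows whether the post-addition branches survive on a given compiler version.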