[Cryptography] "NSA-linked Cisco exploit poses bigger threat than previously thought"
Steven M. Bellovin
smb at cs.columbia.edu
Wed Aug 24 14:00:27 EDT 2016
On 24 Aug 2016, at 2:05, Ron Garret wrote:
>
> Because of these constraints, it is not possible to write safe C in a
> way that is “natural” to the language. You have to put a safe
> layer on top of the native language. That safe layer requires the
> programmer to adhere to some discipline in order not to undermine the
> safety. But there is no standard on how to implement a safe layer,
> only different and mutually incompatible conventions.
This is the issue: C makes it hard to do the right thing. Sure, good
programmers will expend the extra effort to get it right -- Dave Presotto
wrote a safe string library for his upas mailer in the mid-1980s,
*before* the Morris Worm. I asked him about that once: "I didn't think
I could get it right any other way." But the fact that everyone else
has had to roll their own illustrates the problem.
Sure, Java isn't a panacea. But it does solve certain problems very
well.
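As an added illustration (not part of this thread or of upas), here is the kind of "safe layer" the quoted text describes: a C string buffer that carries its own capacity so appends cannot overflow it. The `safestr` type and `ss_*` functions are hypothetical names; the discipline the layer demands is that callers only ever touch the buffer through them.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical safe-string layer: the buffer knows its own capacity,
 * so the bounds check lives in one place instead of at every call site. */
typedef struct {
    char *buf;   /* always NUL-terminated */
    size_t len;  /* bytes in use, excluding the NUL */
    size_t cap;  /* bytes available, including the NUL */
} safestr;

/* Bind caller-provided storage. Fails if there is not even room for a NUL. */
bool ss_init(safestr *s, char *storage, size_t cap) {
    if (storage == NULL || cap == 0) return false;
    s->buf = storage;
    s->len = 0;
    s->cap = cap;
    s->buf[0] = '\0';
    return true;
}

/* Append up to src_max bytes of src. Refuses, leaving s unchanged, rather
 * than truncating silently; bounding the read of src with memchr means an
 * unterminated source cannot be over-read either. */
bool ss_append(safestr *s, const char *src, size_t src_max) {
    const char *end = memchr(src, '\0', src_max);
    size_t n = end ? (size_t)(end - src) : src_max;
    /* len <= cap - 1 always holds, so this subtraction cannot wrap. */
    if (n > s->cap - 1 - s->len) return false;
    memcpy(s->buf + s->len, src, n);
    s->len += n;
    s->buf[s->len] = '\0';
    return true;
}

int main(void) {
    char storage[8];           /* constructed: room for 7 chars plus NUL */
    safestr s;
    ss_init(&s, storage, sizeof storage);
    ss_append(&s, "abc", 3);
    ss_append(&s, "defg", 4);
    /* The eighth character does not fit; a raw strcat here would overflow. */
    bool ok = ss_append(&s, "h", 1);
    printf("%s (append %s)\n", s.buf, ok ? "accepted" : "refused");
    return 0;
}
```

Nothing in C stops a caller from writing through `s.buf` directly; that is exactly the convention the quoted text says each project must enforce on its own.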