[Cryptography] "NSA-linked Cisco exploit poses bigger threat than previously thought"
Dave Horsfall
dave at horsfall.org
Wed Aug 24 19:12:42 EDT 2016
Apologies if this appears twice; I had connectivity problems.
-----
On Wed, 24 Aug 2016, Viktor Dukhovni wrote:
> Sadly incorporating safer standard facilities into the C library is a
> herculean effort. My take is that the difficulty with C is not so much
> the language as the rather minimal runtime. If the C library were
> substantially richer, most programmers would use safer built-in
> interfaces rather than write unsafe code, or roll their own "safe" code
> badly.
As someone who has used C since about 1976, I can safely say that it was
never designed to be secure; it is merely a high-level assembly language.
Yes, it has structure, but it's still a high-level assembly language; if
you want a secure language then use one. Using it otherwise is like
putting lipstick upon a pig, viz: it's still a pig, no matter how much
lipstick is used.
--
Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."
More information about the cryptography
mailing list