[Cryptography] "NSA-linked Cisco exploit poses bigger threat than previously thought"

Steven M. Bellovin smb at cs.columbia.edu
Thu Aug 25 18:06:55 EDT 2016


On 24 Aug 2016, at 19:12, Dave Horsfall wrote:

> Apologies if this appears twice; I had connectivity problems.
>
> -----
>
> On Wed, 24 Aug 2016, Viktor Dukhovni wrote:
>
>> Sadly incorporating safer standard facilities into the C library is a
>> herculean effort.  My take is that the difficulty with C is not so much
>> the language as the rather minimal runtime.  If the C library were
>> substantially richer, most programmers would use safer built-in
>> interfaces rather than write unsafe code, or roll their own "safe" code
>> badly.
>
> As someone who has used C since about 1976, I can safely say that it was
> never designed to be secure; it is merely a high-level assembly language.
>
Precisely.  I first heard more or less that line from Doug McIlroy himself;
he called C the best assembler language he'd ever used.



        --Steve Bellovin, https://www.cs.columbia.edu/~smb




More information about the cryptography mailing list