[Cryptography] "NSA-linked Cisco exploit poses bigger threat than previously thought"
Steven M. Bellovin
smb at cs.columbia.edu
Thu Aug 25 18:06:55 EDT 2016
On 24 Aug 2016, at 19:12, Dave Horsfall wrote:
> Apologies if this appears twice; I had connectivity problems.
>
> -----
>
> On Wed, 24 Aug 2016, Viktor Dukhovni wrote:
>
>> Sadly incorporating safer standard facilities into the C library is a
>> herculean effort. My take is that the difficulty with C is not so much
>> the language as the rather minimal runtime. If the C library were
>> substantially richer, most programmers would use safer built-in
>> interfaces rather than write unsafe code, or roll their own "safe" code
>> badly.
>
> As someone who has used C since about 1976, I can safely say that it was
> never designed to be secure; it is merely a high-level assembly language.
>
Precisely. I first heard more or less that line from Doug McIlroy himself;
he called C the best assembler language he'd ever used.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
More information about the cryptography
mailing list