[Cryptography] programming languages and the people who (don't) love them, was "NSA-linked Cisco exploit poses bigger threat than previously thought"

John Levine johnl at iecc.com
Fri Aug 26 16:46:08 EDT 2016


>> ObCrypto: very little of the crypto code I use has to run in the kinds
>> of environments where C's advantages are important, so it's a reasonable
>> question why application libraries like openssl are still in C.
>
>It is still important that crypto code be callable as efficient 
>libraries. One wouldn't want to, say, instantiate an entire Python 
>environment every time the caller starts a new hash or encryption. And 
>it seems a good idea to program pretty close to the metal to head off 
>timing attacks, not let keys drift off into garbage collection land, etc.

Of course, but there are languages like Rust that purport to provide
code efficiency comparable to C's with better type safety, and can use
calling sequences compatible with C.

Now I'm wondering how much of the problem is library management and
build tools that make it too hard to combine code written in different
languages, or perhaps programmers who still find programming in
multiple languages too hard.
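
An added illustration of the points raised in this thread (not code from the message, from OpenSSL, or from any project named here): a Rust comparison routine and a key-wiping routine that use the C calling convention and no garbage collector. The names `ct_eq` and `secure_zero` and the sample key bytes are constructed for the example.

```rust
use std::sync::atomic::{compiler_fence, Ordering};
use std::{ptr, slice};

/// Compare two `len`-byte buffers with no early exit; returns 1 if equal, 0 otherwise.
/// `extern "C"` selects the platform C calling convention, so C code can call this
/// through a function pointer (exporting it by symbol name from a library build
/// additionally needs the no_mangle attribute).
///
/// # Safety
/// `a` and `b` must each point to `len` readable bytes.
pub unsafe extern "C" fn ct_eq(a: *const u8, b: *const u8, len: usize) -> i32 {
    if a.is_null() || b.is_null() {
        return 0;
    }
    let (a, b) = unsafe { (slice::from_raw_parts(a, len), slice::from_raw_parts(b, len)) };
    // OR all byte differences together so the loop's work does not depend on where
    // the first mismatch is. As in C, the compiler gives no formal timing guarantee.
    let diff = a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y));
    (diff == 0) as i32
}

/// Overwrite key material in place. Volatile writes are not removed as dead stores.
///
/// # Safety
/// `buf` must point to `len` writable bytes.
pub unsafe extern "C" fn secure_zero(buf: *mut u8, len: usize) {
    if buf.is_null() {
        return;
    }
    for i in 0..len {
        unsafe { ptr::write_volatile(buf.add(i), 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

// The shape a C caller would declare: int ct_eq(const uint8_t *, const uint8_t *, size_t)
type CtEq = unsafe extern "C" fn(*const u8, *const u8, usize) -> i32;

fn main() {
    let mut key = *b"constructed-key!"; // constructed sample bytes, not a real key
    let good = *b"constructed-key!";
    let bad = *b"constructed-keY!";
    let f: CtEq = ct_eq; // call through a C-ABI function pointer
    unsafe {
        println!("match: {}", f(key.as_ptr(), good.as_ptr(), key.len()));
        println!("mismatch: {}", f(key.as_ptr(), bad.as_ptr(), key.len()));
        secure_zero(key.as_mut_ptr(), key.len());
    }
    println!("wiped: {}", key.iter().all(|&b| b == 0));
}
```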


