[Cryptography] Secure erasure

Ron Garret ron at flownet.com
Tue Sep 13 11:14:17 EDT 2016


On Sep 12, 2016, at 8:44 PM, Henry Baker <hbaker1 at pipeline.com> wrote:

> At 03:48 PM 9/12/2016, Watson Ladd wrote:
>> If only there was a widely used embedded language designed by the DoD with built-in bounds checks, widespread compiler support on different architectures, and in GCC.
>> 
>> Maybe it's even named after a woman.
> 
> Having studied Ada at some length, I see no significant advantage
> of Ada over C for any of the purposes we discuss on these lists.
> 
> My opinion isn't based on the characteristics of the language,
> per se, but on the inability to control the fine details of the
> implementation.
> 
> What's the point of having a garbage collector (in some versions
> of Ada), if you can't control fine details enough to make sure
> that it isn't going to ruin your real-time performance?

Who are you, and what have you done with Henry Baker?  Because Henry Baker would surely know that:

1.  Ada doesn’t have GC, not even in “some versions of Ada.”  Ada was designed for writing embedded controllers, and everyone (you included, apparently, whoever you are) thinks that you can’t do that in a GC’d language.  (Everyone is wrong, and Henry Baker would surely know that too.)

2.  Even if some versions of Ada had a GC, you could easily avoid any problems that might cause by simply not using those versions.

3.  Crypto code very rarely has real-time requirements.  Constant-time performance is desirable not for its own sake, but in order to avoid side-channel attacks.  Random timing variations produced by circumstances unrelated to key material (like a GC) can actually be beneficial.

4.  Constant-time code can easily be written even in a GC'd language by writing code that doesn’t cons.

5.  Hard-real-time GC’s exist if for some reason you absolutely had to have real-time consing code.

6.  The only thing standing between you and the ability to "control the fine details of the implementation" of a language is your willingness to hack a compiler, or write a vendor a check.

#6 is the smoking gun that proves you aren’t Henry Baker, because the real Henry Baker could write three Ada compilers before breakfast.  ;-)

All that notwithstanding, I’ll go ahead and take the bait: What language would you advocate using for crypto if not Ada?  Surely not Scheme if your principal complaint about Ada is the GC?

rg
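Added example, not part of Ron's message or anything posted to the list: points 3 and 4 above say constant-time behaviour matters only for keeping timing independent of secret data, and that it comes from how the loop is written (no early exit, no data-dependent branches, no allocation), not from the language. The C below makes that concrete with a comparison that bails out at the first mismatch (its step count leaks how much of the guess was right) next to one that always does the same work, plus a volatile-based zeroing routine for the thread's subject, secure erasure. All names (leaky_steps, ct_equal, secure_zero, secure_zero_demo) and the sample strings are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Early-exit comparison: stops at the first differing byte.  Returns the
 * number of loop iterations it performed, which is exactly the timing
 * signal such a loop leaks (length of the matching prefix + 1).  Shown
 * only as the pattern to avoid. */
size_t leaky_steps(const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) return i + 1;   /* data-dependent exit */
    }
    return n;
}

/* Constant-time equality: visits every byte, contains no branch that
 * depends on the data, and allocates nothing ("doesn't cons").
 * Returns 1 if equal, 0 otherwise. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    /* diff | -diff has its top bit set iff diff != 0; shift it down
     * and invert, so the 0/1 result is produced without branching. */
    return 1 ^ ((diff | (uint8_t)(-diff)) >> 7);
}

/* Secure erasure: a plain loop (or memset) before free/return is a dead
 * store the optimiser may delete.  Writing through a volatile pointer
 * forces every store to be emitted.  (Assumed approach, not from the list.) */
void secure_zero(void *p, size_t n) {
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) *vp++ = 0;
}

/* Fills a stack buffer with key-like bytes, erases it, and returns 1 if
 * every byte really is zero afterwards. */
int secure_zero_demo(void) {
    uint8_t key[16];
    for (size_t i = 0; i < sizeof key; i++) key[i] = (uint8_t)(0xA5 ^ i);
    secure_zero(key, sizeof key);
    uint8_t acc = 0;
    for (size_t i = 0; i < sizeof key; i++) acc |= key[i];
    return acc == 0;
}

int main(void) {
    /* Constructed sample: one secret and three guesses. */
    const uint8_t *secret = (const uint8_t *)"secret";
    const char *guesses[] = { "Xecret", "secreT", "secret" };
    for (int g = 0; g < 3; g++) {
        const uint8_t *guess = (const uint8_t *)guesses[g];
        printf("%s: leaky loop ran %zu steps, ct_equal=%d\n", guesses[g],
               leaky_steps(secret, guess, 6), ct_equal(secret, guess, 6));
    }
    printf("secure_zero left buffer all-zero: %d\n", secure_zero_demo());
    return 0;
}
```

The printed step counts (1, 6, 6) are the leak: an observer who can time the early-exit version learns how many leading bytes of a guess were right, while ct_equal's work is the same for all three inputs and depends only on n.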