Re: [Lit.] Buffer overruns

From: BRG (brg_at_nowhere.org)
Date: 01/31/05


Date: Mon, 31 Jan 2005 10:40:26 +0000

David Wagner wrote:

> infobahn wrote:
>
>>Since the extra burden of a parachute will not significantly reduce
>>the plane's performance, the analogy is broken.
>
> Oh, no, not the performance argument again. Performance is frequently
> used as an excuse not to add security defenses that the programmer doesn't
> want to have to deal with. Sometimes it is a valid excuse, but I have
> to suspect that all too often it is a lousy excuse.

I completely agree.

As many here will know, I publish a widely used AES implementation in C
which is one of the fastest ones around. For private use (i.e. non-
published) I offer other versions that are not as fast by a factor of
about two but which don't suffer to anywhere near the same extent as my
published version (or any other fast published version) from the sort of
attacks that Daniel Bernstein has discovered.

But in my interactions with many commercial users of my code, the slower
but safer version of my code attracts almost no interest. And yet when
challenged I have seen few convincing arguments that suggest to me that
a factor of two in speed in a small part of their system's functionality
will have any significant impact on their product's performance or cost.

For me this is another manifestation of the "C culture" that I keep on
about - one in which a significant proportion of this community is
obsessively concerned with low level design to the detriment of features
such as reliability, robustness, security and safety that can only be
effectively realised when systems engineering is pursued at a higher
architectural level.

In fact I am in the process of moving my cryptographic code into another
language since I now believe the culture that C has unwittingly fostered
is incompatible with the attainment of security. By encouraging the use
of crypto code in C I now believe that I also have unwittingly become a
part of the security problem and not a part of the solution.

    Brian Gladman
