Domain: tribble.com
Stories and comments across the archive that link to tribble.com.
Comments · 8
-
Re:Recursion is dead!
You should read "GOTO considered harmful" before you bash it.
"Most programmers have heard the adage "Never use goto statements", but few of today's computer science students have the benefit of the historical context in which Dijkstra made his declaration against them. Modern programming dogma has embraced the myth that the goto statement is evil, but it is enlightening to read the original tract and realize that this dogmatic belief entirely misses the point."
http://david.tribble.com/text/...In the bad old days, all you had was goto, and every program looked like spaghetti. Now that we have if...then...else, loops, switch-case statements,
goto should only be used as a last resort (and every use should be justified). I've been a professional programmer for twenty years; last year I used goto *twice*.And never forget https://xkcd.com/292/
-
Re:Signatures are hashes
you just demonstrated that you have no clue what you are talking about
I suggest you put on a cup.
you confused symmetric and asymmetric crypto. Here is a hint: Verifying a hash means to verify a shared, known good value, that is known-good by a different mechanism.
A hash is usually called "one-way encryption." Hashes are MD5, SHA1, SHA256, and so forth. Checksums are a form of hash, thus CRC32 and the simple overflow checksum.
Hashes are not symmetric. Symmetric encryption uses a single key to encrypt and decrypt. Such algorithms include RC4, AES, DES, Twofish, Blowfish, and others.
Verifying a signature means an asymmetric verification, no shared value involved.
Except the signature is shared.
I refer you to this friendly diagram of digital signing. As you can see, signing a message involves first computing the hash value, and then encrypting it with the private key; verification of the signature involves decrypting the hash with the public key and comparing it to the hash of the message. A PGP signed message starts as follows:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1Now let's re-read what I said:
A digital signature is a hash that's been encrypted using a private key such that the public can verify its authenticity. Regardless of all attacks, if you have the public key, you can validate that the published hash is indeed published by a holder of the private key.
Verifying the digital signature of a download is done by computing the hash, verifying that hash, and verifying that the provided hash was encrypted with a public key matching a particular private key.
As I have demonstrated, a digital signature is indeed an encrypted hash. That hash can be replaced by a man-in-the-middle attack, but there is no way for an attacker without the private key to digitally encrypt the hash in such a way that it will verify correctly using the expected public key. Thus the hash is verifiable, and an adulterated hash is non-verifiable.
If your hash is a published MD5 or SHA256 with no encryption (not a signature), a man-in-the-middle can replace the original program *and* the hash with the non-cryptographically-verifiable values. The integrity check will succeed so long as the file isn't damaged, and the authenticity cannot be checked.
Thus a digital signature *is* a hash, performs all the functions of a hash, and additionally performs authentication.
-
Re:Python is doomed
-
C++ is not a superset of C
While C++ 98 and C 99 are similar languages, they have many incompatibilities. See http://david.tribble.com/text/cdiffs.htm for details.
-
Re:GOTO considered harmful
Go To Statement Considered Harmful: A Retrospective
There's an interesting bit of code at the bottom of the page. // A challenge to the reader to rewrite without using goto's
int parse()
{
Token tok;
reading:
tok = gettoken();
if (tok == END)
return ACCEPT;
shifting:
if (shift(tok))
goto reading;
reducing:
if (reduce(tok))
goto shifting;
return ERROR;
} -
Re:goto considered harmful !!!
He in fact ends his paper by saying that goto is not to be avoided at all costs, in fact quite the opposite.
"The exercise to translate an arbitrary flow diagram more or less mechanically into a jump-less one, however, is not to be recommended. Then the resulting flow diagram cannot be expected to be more transparent than the original one. "
You have to understand when he wrote that paper people were doing what we would do know as while loops and switch statements with goto. He was arguing for alternatives like those.
Using goto as a method of doing exception handling in a situation where you either don't have or want to avoid higher level structured exception handling is a reasonable approach.
David Tribble has a good analysis of the article and opinions about modern use of goto:
http://david.tribble.com/text/goto.html -
Re:Any language?
Which C99 feature do you need to use that:
1) Isn't also a C++ feature (that covers a large chunk of C99)
2) Isn't already a vendor-specific extension
3) Doesn't have a commonly-known (and often-used) workaround?
C99 is still new enough that compiler support is very spotty (for example, GCC C99 status) anyways.
Take another look over David R. Tribble's list of C99 v. C++ incompatabilities. I find it difficult to believe that there will be anyone stymied by having a C++ compiler but not a C99 compiler. -
Re:Compile the kernel?