by Lane Development and Technology
Ferguson, Schneier and Kohno

In this excerpt on "Complexity" from Cryptography Engineering: Design Principles and Practical Applications by Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno, the authors argue that intense modularization and localized correctness are necessary for any security system to serve its intended purpose. As someone who first came to programming through Java, I still cringe a little when I'm browsing through code and discover repetitions or very similar chunks of code. Or even worse -- code that is intended to serve the same purpose as some other code, but written in a completely different way.

Provided the code base remains small and entirely under the tutelage of a single programmer, a big pile of spaghetti code might be maintainable and functional. But as soon as multiple programmers are involved, or the code base becomes large and months or even years pass between the times a particular chunk of code is revisited, such code becomes more and more prone to breaking. Forget a hacker; if a revision needs to be made to some particular function in your program and there are eight different locations that that function is performed -- three of which look completely different from the others, because they were written on the fly to rapidly solve some bug or slap together some project under a crunch deadline, rather than having been copied and pasted because the locations of the other code had been forgotten -- do you really trust yourself to remember all those locations and perform the change properly in all those locations? What if you've moved on and the job has passed to a new programmer?

Modularization and localized correctness are not just necessities for security systems. Really, they should be regarded as requirements for all but the smallest of programs. I have heard that modularization can make code harder to follow by forcing the coder perusing it to bounce around between different code blocks and files; provided localized correctness is applied -- and liberal commenting and clear naming practices don't hurt either -- this should be a non-issue. Indeed, modularization applied carefully will make code easier to follow, by reducing clutter and redundancy. In the earlier example, once any coders had encountered the function called once and read through its details, they would have no need to re-read the function each time they encountered it again later, potentially significantly improving their efficiency.

Highly modularized, locally correct code will be your best friend in any long-running projects or programs -- not just security systems. That systems built as such will be more secure is a happy side effect.

Recent Posts