Daniel J. Bernstein - Software Security

Software Security

In the autumn of 2004, Bernstein taught a course about computer software security, titled "UNIX Security Holes". The sixteen members of the class discovered 91 new UNIX security holes. Bernstein, long a promoter of the idea that full disclosure is the best method to promote software security and founder of the securesoftware mailing list, publicly announced 44 of them with sample exploit code. This received some press attention and rekindled a debate over full disclosure.

Bernstein has recently explained that he is pursuing a strategy to "produce invulnerable computer systems". He plans to achieve this by putting the vast majority of computer software into an "extreme sandbox" that only allows it to transform input into output, and by writing bugfree replacements (like qmail and djbdns) for the remaining components that need additional privileges. He concludes: "I won’t be satisfied until I've put the entire security industry out of work."

In spring 2005 Bernstein taught a course on "high speed cryptography". He demonstrated new results against implementations of AES (cache attacks) in the same time period.

As of April 2008, djb's stream cipher "Salsa20" was selected as a member of the final portfolio of the eSTREAM project, part of a European Union research directive.

Read more about this topic:  Daniel J. Bernstein

Famous quotes containing the word security:

    Our security depends on the Allied Powers winning against aggressors. The Axis Powers intend to destroy democracy, it is anathema to them. We cannot provide that aid if the public are against it; therefore, it is our responsibility to persuade the public that aid to the victims of aggression is aid to American security. I expect the members of my administration to take every opportunity to speak to this issue wherever they are invited to address public forums in the weeks ahead.
    Franklin D. Roosevelt (1882–1945)