Software Security
In the autumn of 2004, Bernstein taught a course about computer software security, titled "UNIX Security Holes". The sixteen members of the class discovered 91 new UNIX security holes. Bernstein, long a promoter of the idea that full disclosure is the best method to promote software security and founder of the securesoftware mailing list, publicly announced 44 of them with sample exploit code. This received some press attention and rekindled a debate over full disclosure.
Bernstein has recently explained that he is pursuing a strategy to "produce invulnerable computer systems". He plans to achieve this by putting the vast majority of computer software into an "extreme sandbox" that only allows it to transform input into output, and by writing bugfree replacements (like qmail and djbdns) for the remaining components that need additional privileges. He concludes: "I won’t be satisfied until I've put the entire security industry out of work."
In spring 2005 Bernstein taught a course on "high speed cryptography". He demonstrated new results against implementations of AES (cache attacks) in the same time period.
As of April 2008, djb's stream cipher "Salsa20" was selected as a member of the final portfolio of the eSTREAM project, part of a European Union research directive.
Read more about this topic: Daniel J. Bernstein
Famous quotes containing the word security:
“...I lost myself in my work and never felt that marriage would give me the security I wanted. I thought that through the trade union movement we working women could get better conditions and security of mind.”
—Mary Anderson (1872–1964)