Daniel J. Bernstein - Software Security

Software Security

In the autumn of 2004, Bernstein taught a course about computer software security, titled "UNIX Security Holes". The sixteen members of the class discovered 91 new UNIX security holes. Bernstein, long a promoter of the idea that full disclosure is the best method to promote software security and founder of the securesoftware mailing list, publicly announced 44 of them with sample exploit code. This received some press attention and rekindled a debate over full disclosure.

Bernstein has recently explained that he is pursuing a strategy to "produce invulnerable computer systems". He plans to achieve this by putting the vast majority of computer software into an "extreme sandbox" that only allows it to transform input into output, and by writing bug-free replacements (like qmail and djbdns) for the remaining components that need additional privileges. He concludes: "I won’t be satisfied until I've put the entire security industry out of work."

In spring 2005 Bernstein taught a course on "high speed cryptography". In the same period, he demonstrated new results against implementations of AES (cache attacks).

As of April 2008, Bernstein's stream cipher "Salsa20" was selected as a member of the final portfolio of the eSTREAM project, part of a European Union research directive.
