Entertaining back and forth on C, C++ and OpenSSL

https://www.schneier...e_on_heartbl.html

C isn't formally verifiable and, in fact, it's even hard to correctly parse. In other words, developing security related software in C is akin to Schneier or Bernstein not properly developing algorithms but asking drunk college boys on a weekend night to come up with something.

[...]

I nodded in agreement so hard I might have to see a chiropractor.

OpenSSL's src is a mess. If cyaSSL can mirror its basic functionality and do such a thing with code that is both legible and importantly it is advertized as 20 times smaller than OpenSSL. Of course it is targeted towards the embedded market but I would rather audit a significantly smaller codebase that a lay sysadmin can likely understand than try and analyze the Pandora's box that is OpenSSL's source. It really is a disgrace.

[...]

The problem is that in C++ you can't even guarantee that 1 + 1 = 2. You have to look at the disassembled code.

[...]

I'm still mulling over the fact that Neel Mehta of Google discovered Heartbleed, apparently as part of assigned team duties. He has a rarely updated twitter page https://twitter.com/neelmehta; Google has not allowed interviews.

This says to me that Google doesn't trust OpenSSL Software in the slightest and is paying for its own top to bottom code review of the whole security software enterprise.

[...]

(via a comment at Wonkette - http://wonkette.com/...-surprise-for-you )

Cheers,
Scott.

Post #388,511 by Another Scott 4/12/14 8:04:17 PM 4/12/14 8:08:36 PM Reply	Entertaining back and forth on C, C++ and OpenSSL https://www.schneier...e_on_heartbl.html C isn't formally verifiable and, in fact, it's even hard to correctly parse. In other words, developing security related software in C is akin to Schneier or Bernstein not properly developing algorithms but asking drunk college boys on a weekend night to come up with something. [...] I nodded in agreement so hard I might have to see a chiropractor. OpenSSL's src is a mess. If cyaSSL can mirror its basic functionality and do such a thing with code that is both legible and importantly it is advertized as 20 times smaller than OpenSSL. Of course it is targeted towards the embedded market but I would rather audit a significantly smaller codebase that a lay sysadmin can likely understand than try and analyze the Pandora's box that is OpenSSL's source. It really is a disgrace. [...] The problem is that in C++ you can't even guarantee that 1 + 1 = 2. You have to look at the disassembled code. [...] I'm still mulling over the fact that Neel Mehta of Google discovered Heartbleed, apparently as part of assigned team duties. He has a rarely updated twitter page https://twitter.com/neelmehta; Google has not allowed interviews. This says to me that Google doesn't trust OpenSSL Software in the slightest and is paying for its own top to bottom code review of the whole security software enterprise. [...] (via a comment at Wonkette - http://wonkette.com/...-surprise-for-you ) Cheers, Scott. Edited by Another Scott April 12, 2014, 08:08:36 PM EDT Expand All History
Post #388,525 by static 4/13/14 4:45:27 PM Reply	Akamai doesn't trust it either. They put in their own malloc functions to separate secure memory from everything else. It meant that the heartbleed bug on their servers probably didn't leak keys, but they don't have actual evidence one way or the other. Wade. Just Add Story http://justaddstory.wordpress.com/
Post #388,532 by Another Scott 4/13/14 6:44:51 PM Reply	Interesting.

Welcome to IWETHEY!