14 Nov
2014
14 Nov
'14
7:28 a.m.
Alexander Berntsen
On 12/11/14 13:41, Dominic Steinitz wrote:
E.g. if openssl were written in Haskell ... timing attacks would be trivial.
You could argue to use things like Cryptol where it makes sense to use them. But remember that Haskell is not a silver bullet for security.
I think it would be straightforward to circumvent timing attacks. Clearly there are other attack modes as well and it would be interesting to see how easily these could be addressed in Haskell. Interestingly I just found this: http://www.mitls.org/wsgi/home which uses F#. I hope I didn't claim that Haskell was a silver bullet for security. At the very least, it certainly couldn't address bugs in protocols although it might help in finding them.