Note from a donor

Andre Pany andre at s-e-a-p.de
Sun Oct 29 08:22:36 UTC 2017


On Wednesday, 25 October 2017 at 22:46:27 UTC, Adam Wilson wrote:
> On 10/25/17 11:23, H. S. Teoh wrote:
>> On Wed, Oct 25, 2017 at 08:17:21AM -0600, Jonathan M Davis via 
>> Digitalmars-d wrote:
>>> [...]
>> [...]
>>
>> Yeah.  There have been timing attacks against otherwise-secure crypto
>> algorithms that allow extraction of the decryption key.  And other
>> side-channel attacks along the lines of CRIME or BREACH.  Even CPU
>> instruction timing attacks have been discovered that can leak which path
>> a branch in a crypto algorithm took, which in turn can reveal
>> information about the decryption key.  And voltage variations to deduce
>> which bit(s) are 1's and which are 0's.  Many of these remain
>> theoretical attacks, but the point is that these weaknesses can come
>> from things you wouldn't even know existed in your code.  Crypto code
>> must be subject to a LOT of scrutiny before it can be trusted.  And not
>> just cursory scrutiny like we do with the PR queue on github; we're
>> talking about possibly instruction-by-instruction scrutiny of the kind
>> that can discover vulnerabilities to timing or voltage.
>>
>> I would not be comfortable entrusting any important data to D crypto
>> algorithms if they have not been thoroughly reviewed.
>>
>>
>> T
>>
>
> I am one-hundred-ten percent in agreement with Mr. Teoh here. 
> Even .NET Framework and Core forward to the highly vetted 
> system crypto API's (SChannel on Windows and OpenSSL on 
> Linux/macOS). If you need RSA crypto in D, pull in OpenSSL. 
> Period. Everything else is a good way to run afoul of a 
> security audit, and potentially expose yourself.
>
> Phobos could forward to these system provided API's like .NET 
> does and provide an idiomatic D interface, but Phobos itself 
> should absolutely and 110% stay out of the crypto 
> implementation business.

I think you made a very good point; it was also mentioned by 
someone else in this thread. Phobos could provide a crypto 
interface with implementations for SChannel, mbedtls, openssl.
On Windows SChannel would be used as the default implementation and 
on the other operating systems either openssl or mbedtls.
This would be very convenient and we would avoid opening 
Pandora's box.

I will close my issue and create a new one with the request for a 
crypto interface in Phobos.

Kind regards
Andre
