[Haskell-cafe] Presenting at Royal Holloway Colloquium

Dominic Steinitz dominic at steinitz.org
Fri Nov 14 12:28:46 UTC 2014


Alexander Berntsen <alexander <at> plaimi.net> writes:

> 
> 
> On 12/11/14 13:41, Dominic Steinitz wrote:
> > E.g. if openssl were written in Haskell
> ... timing attacks would be trivial.
> 
> You could argue to use things like Cryptol where it makes sense to use
> them. But remember that Haskell is not a silver bullet for security.


I think it would be straightforward to circumvent timing
attacks. Clearly there are other attack modes as well and it would be
interesting to see how easily these could be addressed in
Haskell. Interestingly I just found this:
http://www.mitls.org/wsgi/home which uses F#.

I hope I didn't claim that Haskell was a silver bullet for
security. At the very least, it certainly couldn't address bugs in
protocols although it might help in finding them.



More information about the Haskell-Cafe mailing list