[Haskell-cafe] cryptography in haskell

[Julian Ospald]

Hi,

I've been wondering about the state of cryptography in haskell. Not so
much in the sense of "what libraries are out there?", but rather about
the question what crpyto and IT security people think about ideas like
rewriting something as OpenSSL in haskell.

I know it can be technically done, but are there any remarks in this
area that are important for practical security?

For example, some people think that it can be dangerous to implement
something like this in high-level languages (e.g. java which was
vulnerable to timing attacks).

Of course I think haskell can do a lot for us to make things safer:
* type safety
* referential transparency
* explicit knowledge about side-effects and which kind
...

But that doesn't tell me if it introduces new pitfalls/attack-vectors
for practical cryptography implementations.


--
Regards,
Julian Ospald