[Haskell-cafe] cryptography in haskell

Marcel Fourné haskell at marcelfourne.de
Wed Feb 18 13:47:30 UTC 2015


On Tue, 17 Feb 2015 10:43:12 +0100, Marcel Fourné wrote:
>On Sat, 7 Feb 2015 11:53:42 -0500, Patrick Mylund Nielsen wrote:
>>In other words, Haskell eliminates several classes of errors, but
>>doesn't prevent logic errors, and can do nothing about poor standards.
>>
>>Aside from this, I think the main issues would be:
>>
>>  - Timing resistance: This is not as simple as sprinkling some bitwise
>>operations on your crypto code. It took a long time to figure out even
>>the basics in OpenSSL, and for better and worse it's more difficult to
>>intuit what your Haskell code will be compiled to than it is with C
>>(though C compilers have been known to optimize away constant-time
>>code.)
>[...]
>(3) No branches based on the content of bits of the secret key.

Basically, an encoding of the advice[0] Peter Schwabe gave at ShmooCon
2015 for C-like languages translates well to Haskell, but having
typecheckable timing attack resistance would be nicer.

Cheers,
Marcel Fourné

[0]:https://cryptojedi.org/peter/data/shmoocon-20150118.pdf
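
Rule (3) from the quoted text, together with the wish for typecheckable timing attack resistance, can be sketched in Haskell as follows (an added example, not code from the thread or from Peter Schwabe's slides; `Secret`, `ctSelect`, `ctEq` and `declassify` are hypothetical names). The types only rule out source-level branching on a `Secret`; they do not guarantee what GHC compiles the code to.

```haskell
-- Added illustration, not code from the thread; all names are hypothetical.
module Main (main) where

import Data.Bits (complement, shiftR, xor, (.&.), (.|.))
import Data.Word (Word64)

-- A secret machine word. A real library would hide the constructor; there
-- are deliberately no Eq/Ord instances, so `if s == t` on Secret values is
-- rejected by the type checker.
newtype Secret = Secret Word64

-- Branch-free combinators are the only operations offered on Secret.
sXor, sAnd, sOr :: Secret -> Secret -> Secret
sXor (Secret a) (Secret b) = Secret (a `xor` b)
sAnd (Secret a) (Secret b) = Secret (a .&. b)
sOr  (Secret a) (Secret b) = Secret (a .|. b)

sNot :: Secret -> Secret
sNot (Secret a) = Secret (complement a)

-- Expand a secret 0/1 bit into an all-zeros or all-ones mask.
mask :: Secret -> Secret
mask (Secret b) = Secret (negate (b .&. 1))

-- x when bit is 1, y when bit is 0, selected with masks instead of if/else.
ctSelect :: Secret -> Secret -> Secret -> Secret
ctSelect bit x y = (m `sAnd` x) `sOr` (sNot m `sAnd` y)
  where m = mask bit

-- Equality as a secret bit (1 = equal), computed arithmetically:
-- d .|. negate d has its top bit set exactly when d is nonzero.
ctEq :: Secret -> Secret -> Secret
ctEq a b = Secret (((d .|. negate d) `shiftR` 63) `xor` 1)
  where Secret d = a `sXor` b

-- Explicit, greppable escape hatch for results that may become public.
declassify :: Secret -> Word64
declassify (Secret w) = w

main :: IO ()
main = do
  let key   = Secret 0x0123456789ABCDEF  -- constructed sample values
      guess = Secret 0x0123456789ABCDEE
      same  = ctEq key guess
  print (declassify same)
  print (declassify (ctSelect same key (Secret 0)))
```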