Jump to content

Daniel J. Bernstein

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Tqbf (talk | contribs) at 04:15, 22 July 2006 (this fact is not verifiable (name a deployment that was vulnerable). I will continue to revert.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Daniel Julius Bernstein (sometimes known simply as djb; born October 29, 1971) is a professor at the University of Illinois at Chicago, a mathematician, a cryptologist, and a programmer. Bernstein is the author of the computer software qmail and djbdns.

Bernstein brought the court case Bernstein v. United States. As a result of the ruling in that case, software was declared protected speech under the First Amendment and national restrictions on encryption software were overturned. Bernstein was originally represented by the EFF. During later phases of the suit, Bernstein represented himself in court despite having no formal training as a lawyer.

Bernstein has also proposed Internet Mail 2000, an alternative system for electronic mail, intended to replace SMTP, POP3 and IMAP.

Bernstein is a controversial figure. On Usenet and his website, he has publically argued with Wietse Venema and Paul Vixie regarding software and security; Matteo Frigo, author of FFTW, regarding FFT implementation and benchmarking; and Bruce Schneier and Arjen Lenstra regarding computational cost.

Software security

In the autumn of 2004, Bernstein began teaching one of the first formal university-level courses about computer software security, titled "UNIX Security Holes". The 16 members of the class discovered 91 new UNIX security holes. Bernstein, long a promoter of the idea that full disclosure is the best method to promote software security and founder of the securesoftware mailing list, publicly announced 44 of them with sample exploit code. This received some press attention and rekindled a debate over full disclosure.

Bernstein offers a reward of US$500 for verifiable security holes qmail and djbdns.[1][2] As of 2006, these rewards still stand, despite the contested exploitability of a set of qmail bugs found by Georgi Guninski.[3][4][5] Bernstein himself denies that Guninski's claim meets his qualifications.[1]. In over 8 years of deployment, 7 of which saw qmail occupying a slot in the top 10 most popular mail servers, not one exploit has been published that compromises any Bernstein-authored component of qmail on any operating system on any architecture powered by Intel, SPARC, PowerPC, or MIPS. This distinction may be unmatched by any other software of comparable popularity.

Bernstein believes it is possible to write secure software if the programmer is sufficiently dedicated. Thus believing that the widespread prevalence of security holes results from programmer laziness and incompetence, Bernstein argues:

Immediate full disclosure, with a working exploit punishes the programmer for his bad code. He panics; he has to rush to fix the problem; he loses users.
You're whining that punishment is painful. You're ignoring the effect that punishment has on future behavior. It encourages programmers to invest the time and effort necessary to eliminate security problems.[6]

Bernstein has recently explained that he is pursuing a strategy to "produce invulnerable computer systems". Bernstein plans to achieve this by putting the vast majority of computer software into an "extreme sandbox" that prevents it from doing anything besides transforming input into output and by writing bugfree replacements (like qmail and djbdns) for the remaining components that need additional privileges. He concludes: "I won’t be satisfied until I've put the entire security industry out of work." [7]

As of Spring 2005, Bernstein was teaching a course on "High Speed Cryptography".[8] Bernstein demonstrated new results against AES in the same time period.[9]

Software licensing

Source code written by Bernstein was used in the OpenBSD project for a period of time leading up to an unrelated systematic licence audit of the OpenBSD ports and source trees in June 2001.[10] Code in more than a hundred files throughout the system was found to be unlicensed, ambiguously licensed or in use against the terms of the licence. Among other contributions, all software produced by Daniel J. Bernstein was removed from the OpenBSD ports tree. At the time, Bernstein requested that all modified versions of his code be approved by him prior to redistribution, a requirement to which OpenBSD developers were willing to devote neither time nor effort.[11]

Bernstein cited the Netscape web browser as much less free and accused developers of hypocrisy for permitting it to remain while removing his software.[12] The OpenBSD project's stance was that Netscape, although not open source, had licence conditions that were much easier to meet;[13] they asserted that Bernstein's demand for control of derivatives would lead to a great deal of additional work and that removal was the most appropriate way to comply with his requirements. As of November 2005, after the release of OpenBSD 3.8, Daniel J. Bernstein's software was still absent from the ports tree.

Mathematics

Bernstein is a prolific publisher of papers in mathematics and computation. Many of his papers introduce advances in the state of the art for algorithms or implementations. However, he's also a meticulous chronicler of previous advances, for instance his brief but encyclopaedic "Multidigit multiplication for mathematicians".[14]

In 2001 Bernstein published "Circuits for integer factorization: a proposal,"[15] which caused a stir as it potentially suggested that if physical hardware implementations could be close to their theoretical efficiency, then perhaps current views about how large numbers have to be before they are impractical to factor might be off by a factor of three. Thus as 512-digit RSA was then breakable, then perhaps 1536-bit RSA would be too. Bernstein was careful not to make any actual predictions, and emphasised the importance of correctly interpreting asymptotic expressions. However several other important names in the field, Arjen Lenstra, Adi Shamir, Jim Tomlinson, and Eran Tromer disagreed strongly with Bernstein's conclusions.[16] Bernstein has received funding to investigate whether this potential can be realized.

Bernstein is also the author of the mathematical libraries DJBFFT, a fast portable FFT library, and of primegen, an asymptotically fast small prime sieve with low memory footprint based on the sieve of Atkin rather than the more usual sieve of Eratosthenes. Both have been used effectively to aid the search for large prime numbers.

References

  1. ^ a b Daniel J. Bernstein (2005-05-29). "The qmail security guarantee".
  2. ^ Daniel J. Bernstein (2002-11-15). "The djbdns security guarantee".
  3. ^ Georgi Guninski (2005-05-31). "Georgi Guninski security advisory #74, 2005". Retrieved September 23. {{cite web}}: Check date values in: |accessdate= (help); Unknown parameter |accessyear= ignored (|access-date= suggested) (help)
  4. ^ Thomas H. Ptacek (2005-05-30). "Georgi Guninski's $500".
  5. ^ James Craig Burley (2005-05-31). "My Take on Georgi Guninski's qmail Security Advisories".
  6. ^ Daniel J. Bernstein (2001-04-09). "It's becoming obvious that..." Newsgroupcomp.security.unix. 2001Apr903.23.19.26969@cr.yp.to. {{cite newsgroup}}: Check date values in: |date= (help)
  7. ^ Daniel J. Bernstein (2005-01-07). "Selected Research Activities" (PDF). {{cite journal}}: Check date values in: |date= (help); Cite journal requires |journal= (help)
  8. ^ Daniel J. Bernstein. "MCS 590, High-Speed Cryptography, Spring 2005". Authenticators and signatures. Retrieved September 23. {{cite web}}: Check date values in: |accessdate= (help); Unknown parameter |accessyear= ignored (|access-date= suggested) (help)
  9. ^ Daniel J. Bernstein (2004-04-17). "Cache timing attacks on AES" (PDF). cd9faae9bd5308c440df50fc26a517b4. {{cite journal}}: Check date values in: |date= (help); Cite journal requires |journal= (help)
  10. ^ NewsForge. OpenBSD and ipfilter still fighting over license disagreement, June 06, 2001. Visited November 23, 2005.
  11. ^ de Raadt, Theo. Mail to openbsd-misc: Re: Why were all DJB's ports removed? No more qmail?, August 24, 2001. Visited December 9, 2005.
  12. ^ Bernstein, DJ. Mail to openbsd-misc: Re: Why were all DJB's ports removed? No more qmail?, August 27, 2001. Visited December 9, 2005.
  13. ^ Espie, Marc. Mail to openbsd-misc: Re: Why were all DJB's ports removed? No more qmail?, August 28, 2001. Visited December 9, 2005.
  14. ^ Daniel J. Bernstein (2001-08-11). "Multidigit multiplication for mathematicians". {{cite journal}}: Check date values in: |date= (help); Cite journal requires |journal= (help)
  15. ^ Daniel J. Bernstein (2001-11-09). "Circuits for integer factorization: a proposal". {{cite journal}}: Check date values in: |date= (help); Cite journal requires |journal= (help)
  16. ^ Arjen K. Lenstra, Adi Shamir, Jim Tomlinson, and Eran Tromer (2002). "Analysis of Bernstein's Factorization Circuit". proc. Asiacrypt. LNCS 2501: 1–26.{{cite journal}}: CS1 maint: multiple names: authors list (link)

See also

  • Chain loading (which is sometimes known as Bernstein chaining, due to Bernstein's extensive use of this technique)

Further reading

Wikiquote has quotations related to Daniel J. Bernstein.
Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=Daniel_J._Bernstein&oldid=65155762"