Daniel J. Bernstein
Daniel Julius Bernstein (sometimes known simply as djb; born October 29, 1971) is a professor at the University of Illinois at Chicago, a mathematician, a cryptologist, and a programmer. Bernstein is the author of the computer software qmail and djbdns, and is a proponent of license-free software.
Bernstein brought the court case Bernstein v. United States and later represented himself in court despite having no formal training as a lawyer. As a result of the ruling in that case, software was declared protected speech under the First Amendment and national restrictions on encryption software were overturned.
Bernstein has also proposed Internet Mail 2000, an alternative system for electronic mail, intended to replace SMTP, POP3 and IMAP.
Software security
In the autumn of 2004, Bernstein began teaching one of the first formal university-level courses about computer software security, titled "UNIX Security Holes". The 16 members of the class discovered 91 new UNIX security holes. Bernstein, long a promoter of the idea that full disclosure is the best method to promote software security and founder of the securesoftware mailing list (http://securesoftware.list.cr.yp.to/), publicly announced 44 of them with sample exploit code. This received some press attention and rekindled a debate over full disclosure.
No security holes (though several bugs) have been found in Bernstein's own software, qmail and djbdns, despite their widespread use and a US$500 reward. Accordingly, Bernstein believes it is possible to write secure software if the programmer is sufficiently dedicated. Believing that the widespread prevalence of security holes results from programmer laziness and incompetence, Bernstein argues:
- Immediate full disclosure, with a working exploit, punishes the programmer for his bad code. He panics; he has to rush to fix the problem; he loses users.
- You're whining that punishment is painful. You're ignoring the effect that punishment has on future behavior. It encourages programmers to invest the time and effort necessary to eliminate security problems. [1] (http://groups-beta.google.com/group/comp.security.unix/msg/e576548f53195b01)
Most security professionals believe that many of these "bugs" do qualify as security holes, including one which would lead to remote root compromise when qmail is installed on particular systems. [2] (http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html) [3] (http://isc.sans.org/diary.php?date=2005-05-31)
Bernstein has recently explained that he is pursuing a strategy to "produce invulnerable computer systems". He plans to achieve this by putting the vast majority of computer software into an "extreme sandbox" that prevents it from doing anything besides transforming input into output, and by writing bug-free replacements (like qmail and djbdns) for the remaining components that need additional privileges. He concludes: "I won't be satisfied until I've put the entire security industry out of work." PDF (http://cr.yp.to/cv/activities-20050107.pdf)
As of Spring 2005, Bernstein is teaching a course on "High Speed Cryptography" [4] (http://cr.yp.to/2005-590.html).
Bernstein does not shy away from publicly offending people who disagree with him about software design. On his website [5] (http://cr.yp.to) he provides counter-arguments against several individuals for saying things that he believes are wrong.
Although he has a core following of like-minded individuals, he also has a great many critics who feel his methods of software development and implementation are radically wrong and problematic [6] (http://linuxmafia.com/~rick/faq/index.php?page=warez#djb). Bernstein's software has a tendency to polarize the communities it occupies.
External links
- Official website (http://cr.yp.to/djb.html)
- MCS 494: UNIX Security Holes (http://cr.yp.to/2004-494.html)
- CNET article (http://news.com.com/Students+uncover+dozens+of+Unix+software+flaws/2100-1002_3-5492969.html)
- Slashdot article (http://it.slashdot.org/article.pl?sid=04/12/15/2113202&tid=172&tid=146&tid=128&tid=130&tid=1&tid=106)
- The DJB Way (http://thedjbway.org/index.html)