[pro] Heartbleed?

Nathan Froyd froydnj at gmail.com
Sun Apr 27 16:02:44 UTC 2014


On Fri, Apr 25, 2014 at 7:24 PM, Antoni Grzymała <antoni at grzymala.info> wrote:
> Thus spoke Nathan Froyd (2014-04-25, 16:42):
>> Ironclad has many deficiencies that make it unsuitable for serious
>> cryptographic software.
>
> I'm curious what they would be – would you be able to outline that in
> more detail?

Sure.  In no particular order, and with no claim of exhaustiveness:

- Many ciphers are not safe against timing attacks due to the use of
lookup tables.
- There's nothing like Go's crypto.subtle
(http://golang.org/pkg/crypto/subtle/) package for ensuring that
various checks are safe against timing attacks.
- The public key algorithms are definitely not production ready: they
will give you the correct answers, but the implementations are not
cryptographically robust.  Part of this is potentially intractable,
given that they rely on bignums, and the bignum implementations in
Common Lisp implementations are probably not implemented with the
needs of public key algorithms in mind.
- The DSA signature algorithm doesn't use high-quality random numbers,
which makes it unsafe.
- I know there are a whole host of issues with implementing RSA
safely; Ironclad has not paid attention to any of these.
- There's no implementation of padding and all the subtleties that
come with it for block cipher algorithms or public key algorithms.

The hash algorithm implementations are pretty solid (assuming that you
choose cryptographically secure ones, of course); everything else
isn't suitable for security-conscious software.

I would like to fix some of these deficiencies, of course, but I
haven't sat down and taken the time to do so.  Patches welcome.

-Nathan
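As an added illustration of two of the points above (it is not Nathan's code and not part of Ironclad), here is what the crypto/subtle approach he refers to looks like in Go: an early-exit byte comparison beside the constant-time one, an HMAC tag check done with hmac.Equal, and a table lookup that touches every entry of an S-box so the memory access pattern does not depend on the secret index. The key, message and the 256-entry table are constructed for the demonstration and stand in for no real cipher.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// NaiveEqual is the leaky pattern: it returns as soon as it sees a
// mismatch, so its running time depends on how many leading bytes of
// the caller-supplied value match the secret one.
func NaiveEqual(a, b []byte) bool {
	if len(a) != len(b) {
		return false
	}
	for i := range a {
		if a[i] != b[i] {
			return false
		}
	}
	return true
}

// ConstantTimeEqual inspects every byte regardless of where the first
// difference is. subtle.ConstantTimeCompare returns 1 when the slices
// are equal and 0 otherwise (including when the lengths differ).
func ConstantTimeEqual(a, b []byte) bool {
	return subtle.ConstantTimeCompare(a, b) == 1
}

// ComputeTag produces an HMAC-SHA256 tag over msg.
func ComputeTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// VerifyTag checks a received tag. hmac.Equal is the constant-time
// comparison a MAC verifier should use instead of bytes.Equal.
func VerifyTag(key, msg, tag []byte) bool {
	return hmac.Equal(ComputeTag(key, msg), tag)
}

// ConstantTimeLookup reads table[idx] without a data-dependent memory
// access: it reads every entry and keeps only the one whose index
// matches, using an all-ones/all-zeros mask from ConstantTimeByteEq.
func ConstantTimeLookup(table *[256]byte, idx byte) byte {
	var out byte
	for i := 0; i < 256; i++ {
		// ConstantTimeByteEq yields 1 or 0; 0-1 wraps to 0xFF when
		// converted to a byte, 0-0 stays 0x00.
		mask := byte(0 - subtle.ConstantTimeByteEq(uint8(i), idx))
		out |= table[i] & mask
	}
	return out
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample key
	msg := []byte("constructed message")  // constructed sample message
	tag := ComputeTag(key, msg)
	fmt.Println("constant-time verify, good tag:", VerifyTag(key, msg, tag))
	tag[0] ^= 1
	fmt.Println("constant-time verify, bad tag: ", VerifyTag(key, msg, tag))

	var sbox [256]byte
	for i := range sbox {
		sbox[i] = byte((i * 7) ^ 0x5a) // constructed toy table, not a real S-box
	}
	fmt.Println("lookup matches direct indexing:",
		ConstantTimeLookup(&sbox, 0x42) == sbox[0x42])
}
```

The masked lookup costs 256 reads per byte instead of one, which is the usual price of taking a table-driven cipher off the cache-timing attack surface; the alternative is a bitsliced or hardware-backed implementation that has no table at all.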



