[Cryptography] Simpler programs?

Sandy Harris sandyinchina at gmail.com
Wed Apr 16 10:27:39 EDT 2014


Adding extra features increases the risk of various sorts of bugs,
including security holes. The Heartbleed bug was introduced when
adding a heartbeat feature, some versions of PGP acquired a nasty
vulnerability back in version 5.5 (late 90s, long since fixed) when an
"additional decryption keys" feature was added, and so on.

How much would using simpler programs reduce that attack surface?

For example, I once saw a T-shirt at a Usenix conference that read
"Real cats don't have options" and checking the Plan 9 man page for
cat(1) I find that theirs has none. The FSF version on my Linux box,
on the other hand, has 11. Would replacing FSF programs with Plan 9
ones give a more secure Linux distro? Or using the FSF stuff but
removing or disabling all non-POSIX options?

Or is this an argument for switching to Plan 9, to one of the BSDs or
to some Linux distro I am not aware of?

Is it an argument for a simpler ANSI-only compiler with no extensions?
Or simpler headers -- ctype.h is 350 lines on my system, stdio.h 947
-- and libraries? Or for less architecture-specific code? On my system
linux/arch has 30 subdirectories and hundreds of files.

