Slashdot Mirror


How To Prevent the Next Heartbleed

dwheeler (321049) writes "Heartbleed was a bad vulnerability in OpenSSL. My article How to Prevent the next Heartbleed explains why so many tools missed it... and what could be done to prevent the next one. Are there other ways to detect these vulnerabilities ahead of time? What did I miss?"

1 of 231 comments

  1. Re:How about by Pricetx · Score: 5, Interesting

    A quote from the "Insane Coding" blog, which in turn quotes from the book "Cryptography Engineering":

    The issues with higher level languages being used in cryptography are:
    - Ensuring data is wiped clean, without the compiler optimizations or virtual machine ignoring what they deem to be pointless operations.
    - The inability to use some high-level languages because they lack a way to tie in forceful cleanup of primitive data types, and their error handling mechanisms may end up leaving no way to wipe data, or data is duplicated without permission.
    - Almost every single thing which may be the right way of doing things elsewhere is completely wrong where cryptography is concerned.
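
The first point in the quoted list, cleanup that the optimizer discards, is easiest to see in C. The following is an added example, not code from the comment, the blog or the book; `SAMPLE_KEY`, `toy_tag` and the other names are constructed for illustration, and the checksum is a stand-in for real key use.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample secret, used only by this example. */
static const unsigned char SAMPLE_KEY[16] = {
    0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x4d, 0xb8, 0x16,
    0x7f, 0x23, 0xc9, 0x50, 0x0e, 0xa4, 0x6b, 0xd1 };

/* Zero n bytes at p through a volatile-qualified pointer. Mainstream
 * compilers treat each such store as a required side effect, so the wipe
 * is not removed as a dead store even if the buffer is never read again. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Toy keyed checksum standing in for real key use. This is not a MAC. */
static unsigned toy_tag(const unsigned char *key, size_t klen, const char *msg)
{
    unsigned t = 0;
    for (size_t i = 0; msg[i] != '\0'; i++)
        t = t * 31u + (unsigned char)(msg[i] ^ key[i % klen]);
    return t;
}

/* Before: memset() is the last access to key[], so an optimizing compiler
 * may delete the call and leave the key bytes on the stack. */
static unsigned tag_then_memset(const char *msg)
{
    unsigned char key[sizeof SAMPLE_KEY];
    memcpy(key, SAMPLE_KEY, sizeof key);
    unsigned t = toy_tag(key, sizeof key, msg);
    memset(key, 0, sizeof key);
    return t;
}

/* After: same work, with cleanup the optimizer has to keep. */
static unsigned tag_then_wipe(const char *msg)
{
    unsigned char key[sizeof SAMPLE_KEY];
    memcpy(key, SAMPLE_KEY, sizeof key);
    unsigned t = toy_tag(key, sizeof key, msg);
    secure_wipe(key, sizeof key);
    return t;
}
```

Where the platform provides one, `explicit_bzero()` (glibc, BSD), `memset_s()` (C11 Annex K) or `SecureZeroMemory()` (Windows) serves the same purpose as the hand-written loop. None of them reaches copies the compiler has already placed in registers or spilled elsewhere, which is the "duplicated without permission" concern in the second point.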