Slashdot Mirror


A Suite of Digital Cryptography Tools, Released Today, Has Been Mathematically Proven To Be Completely Secure and Free of Bugs (quantamagazine.org)

By making programming more mathematical, a community of computer scientists is hoping to eliminate the coding bugs that can open doors to hackers, spill digital secrets and generally plague modern society. From a report: Now a set of computer scientists has taken a major step toward this goal with the release today of EverCrypt, a set of digital cryptography tools. The researchers were able to prove -- in the sense that you can prove the Pythagorean theorem -- that their approach to online security is completely invulnerable to the main types of hacking attacks that have felled other programs in the past. "When we say proof, we mean we prove that our code can't suffer these kinds of attacks," said Karthik Bhargavan, a computer scientist at Inria in Paris who worked on EverCrypt.

EverCrypt was not written the way most code is written. Ordinarily, a team of programmers creates software that they hope will satisfy certain objectives. Once they finish, they test the code. If it accomplishes the objectives without showing any unwanted behavior, the programmers conclude that the software does what it's supposed to do. Yet coding errors often manifest only in extreme "corner cases" -- a perfect storm of unlikely events that reveals a critical vulnerability. Many of the most damaging hacking attacks in recent years have exploited just such corner cases.

4 of 194 comments (clear)

  1. Completely secure and free of bugs. by olsmeister · · Score: 5, Funny

    Until it's installed on a computer that uses an Intel (tm) processor, that is....

  2. Really, proven free of bugs? by JoeyRox · · Score: 3, Funny
  3. Re:The interesting bit... by Anubis+IV · · Score: 3, Funny

    F* (pronounced "F star") was the grade my university would give to students who failed a course, but not just for any failure. The F* grade was reserved for those who cheated on an exam, plagiarized papers, or were otherwise caught engaging in unethical behavior. It was a scarlet letter that went on their official transcript, forever branding them as someone you couldn't trust (or as someone who wasn't competent enough to NOT get caught, depending on your outlook).

    As a result, it's kinda hard for me to shake the feeling that there's something untrustworthy about this software.

  4. Re:Bullshit by CyberSlugGump · · Score: 3, Funny

    Reminds me of the famous Donald Knuth quotation: Beware of bugs in the above code; I have only proved it correct, not tried it.