
Daniel J. Bernstein: Wikis

  
  


Encyclopedia

Updated live from Wikipedia, last check: June 01, 2012 05:40 UTC (36 seconds ago)

From Wikipedia, the free encyclopedia

Daniel J. Bernstein

Daniel Bernstein
Born: October 29, 1971 (age 38)
Education: Mathematics
Known for: qmail, djbdns
Title: Professor
Website: http://cr.yp.to/djb.html

Daniel Julius Bernstein (sometimes known simply as djb; born October 29, 1971) is a professor at the University of Illinois at Chicago, a mathematician, a cryptologist, and a programmer. Bernstein is the author of the computer software qmail, publicfile and djbdns. He has a Bachelor's degree in Mathematics from New York University (1991), and a PhD in Mathematics from the University of California, Berkeley (1995), studying under Hendrik Lenstra. He attended Bellport High School, a public high school on Long Island.[1]

Bernstein brought the court case Bernstein v. United States. The ruling in the case declared software as protected speech under the First Amendment, and national restrictions on encryption software were overturned. Bernstein was originally represented by the Electronic Frontier Foundation, but later represented himself despite having no formal training as a lawyer.[2]

Bernstein has also proposed Internet Mail 2000, an alternative system for electronic mail, intended to replace Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP3) and Internet Message Access Protocol (IMAP).[3]


Software security

In the autumn of 2004, Bernstein taught a course about computer software security, titled "UNIX Security Holes". The 16 members of the class discovered 91 new UNIX security holes. Bernstein, long a promoter of the idea that full disclosure is the best method to promote software security and founder of the securesoftware mailing list, publicly announced 44 of them with sample exploit code. This received some press attention and rekindled a debate over full disclosure.

Bernstein has recently explained that he is pursuing a strategy to "produce invulnerable computer systems". Bernstein plans to achieve this by putting the vast majority of computer software into an "extreme sandbox" that only allows it to transform input into output, and by writing bug-free replacements (like qmail and djbdns) for the remaining components that need additional privileges. He concludes: "I won’t be satisfied until I've put the entire security industry out of work."[4]

In spring 2005 Bernstein taught a course on "High Speed Cryptography".[5] Bernstein demonstrated new results against implementations of AES (cache attacks) in the same time period.[6]

Most recently, djb's stream cipher "Salsa20" was selected as a member of the final portfolio of the eSTREAM project, part of a European Union research directive.

Secure Software

Bernstein has written a number of security-aware programs, including:

Bernstein offers a security guarantee for qmail and djbdns; while some claim there is a dispute over a reported potential qmail exploit, no functioning exploits for qmail have been published, and the claimed exploit does not fall within the parameters of the qmail security guarantee.[7][8] In March 2009, Bernstein awarded $1000 to Matthew Dempsky for finding a security hole in djbdns.[9]

In August 2008, Bernstein announced[10] DNSCurve, a proposal to secure the Domain Name System. DNSCurve uses techniques from elliptic curve cryptography to give a vast decrease in computational time over the RSA public-key algorithm used by DNSSEC, and uses the existing DNS hierarchy to propagate trust by embedding public keys into specially formatted (but backward-compatible) DNS records.

Mathematics

Bernstein has published a number of papers in mathematics and computation. Many of his papers deal with algorithms or implementations. He also wrote a survey titled "Multidigit multiplication for mathematicians".[11]

In 2001 Bernstein circulated "Circuits for integer factorization: a proposal,"[12] which caused a stir because it potentially suggested that if physical hardware implementations could come close to their theoretical efficiency, then perhaps current views about how large numbers have to be before they are impractical to factor might be off by a factor of three. Thus, since 512-digit RSA was then breakable, perhaps 1536-bit RSA would be too. Bernstein was careful not to make any actual predictions, and emphasized the importance of correctly interpreting asymptotic expressions. However, several other important names in the field (Arjen Lenstra, Adi Shamir, Jim Tomlinson, and Eran Tromer) disagreed strongly with Bernstein's conclusions.[13] Bernstein has received funding to investigate whether this potential can be realized.

Bernstein is also the author of the mathematical libraries DJBFFT, a fast portable FFT library, and of primegen, an asymptotically fast small prime sieve with low memory footprint based on the sieve of Atkin rather than the more usual sieve of Eratosthenes. Both have been used effectively to aid the search for large prime numbers.


Notes

  1. ^ "New Yorkers Excel In Contest". New York Times. 1987-01-21. http://query.nytimes.com/gst/fullpage.html?res=9B0DE1D81E3CF932A15752C0A961948260. Retrieved November 9 2008.  
  2. ^ [1]
  3. ^ [2]
  4. ^ Daniel J. Bernstein (2005-01-07) (PDF). Selected Research Activities. http://cr.yp.to/cv/activities-20050107.pdf.  
  5. ^ Daniel J. Bernstein. "MCS 590, High-Speed Cryptography, Spring 2005". Authenticators and signatures. http://cr.yp.to/2005-590.html. Retrieved September 23 2005.  
  6. ^ Daniel J. Bernstein (2004-04-17) (PDF). Cache timing attacks on AES. cd9faae9bd5308c440df50fc26a517b4. http://cr.yp.to/antiforgery/cachetiming-20050414.pdf.  
  7. ^ Georgi Guninski (2005-05-31). "Georgi Guninski security advisory #74, 2005". http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html. Retrieved September 23 2005.  
  8. ^ James Craig Burley (2005-05-31). "My Take on Georgi Guninski's qmail Security Advisories". http://www.jcb-sc.com/qmail/guninski.html.  
  9. ^ Daniel J. Bernstein (2009-03-04). "djbdns<=1.05 lets AXFRed subdomains overwrite domains". http://article.gmane.org/gmane.network.djbdns/13864.  
  10. ^ Daniel J. Bernstein. "High-speed cryptography". http://marc.info/?l=djbdns&m=122011940521548&w=2.  
  11. ^ Daniel J. Bernstein (2001-08-11). Multidigit multiplication for mathematicians. http://cr.yp.to/papers.html#m3.  
  12. ^ Daniel J. Bernstein (2001-11-09). Circuits for integer factorization: a proposal. http://cr.yp.to/papers.html#nfscircuit.  
  13. ^ Arjen K. Lenstra, Adi Shamir, Jim Tomlinson, and Eran Tromer (2002). "Analysis of Bernstein's Factorization Circuit". proc. Asiacrypt LNCS 2501: 1–26. http://www.wisdom.weizmann.ac.il/~tromer/papers/meshc/meshc.html.  



Quotes

Up to date as of January 14, 2010

From Wikiquote

Daniel J. Bernstein (known among users of his software and members of his mailing lists as simply "djb") is a professor at the University of Illinois at Chicago, a mathematician, a cryptologist, and a programmer, noted as the author of the computer software qmail and djbdns.

  • "The great thing about attackers is that there are so many to choose from!" [1]
  • "I like it." (when asked why he always dresses in black) [2]

On testing

  • "Of course, the test difficulty depends on what you're doing, and on how you're doing it. I'm constantly asking "How much would I have to screw this up to write an incorrect function that passes these simple tests?" Occasionally the answer is "Not much," so I'll throw the code away and start over. It was probably perfect code, but that's not good enough." [3]
  • "I often see people saying 'Nobody has produced an invulnerable software system; therefore, nobody will ever produce an invulnerable software system.'

    "By the same bogus reasoning, nobody will ever reach Mars; nobody will ever find MD5 collisions; nobody will ever cure cancer; nobody will ever prove the Poincare conjecture; nobody will ever clone a human; nobody will ever build a 1GHz CPU; nobody will ever find SHA-1 collisions; nobody will ever break the sound barrier; etc." (15 January 2005) [4]

  • "So it's tempting to incorporate a smaller resolver library into qmail. [...] I'd no longer be able to blame the BIND authors and vendors for the fact that attackers can easily use DNS to steal mail." [From the file "THOUGHTS" of the qmail distribution]

djb-isms

Bernstein is well-known for his debating style on various electronic fora. He does not suffer fools gladly, and in refuting them, has produced many a turn of phrase found by others to be amusing or pithy. A selection of quotations from his messages to various mailing lists in 1997 follows.

  • Just because it's automatic doesn't mean it works.
  • Anyway, I'm interested in what works, not in philosophical bullshit.
  • (In response to another poster's assertion that "As today's unices are very stable, crashing operating systems are not an issue.") Don't be silly. Every minute there's a UNIX system crashing somewhere.
  • There's an engineering term for systems like that: "garbage".
  • I'm not interested in security through obscurity. I want real security mechanisms, solutions that work for _everybody_. Yes, that's a lot more difficult than randomly blowing away "suspicious" portions of the Internet mail infrastructure, but it's the Right Thing To Do.
  • Be careful what you wish for; you just might get it.
  • That section of the fetchmail man page is wild speculation; it has never had any relation to reality.
  • From a security perspective, if you're connected, you're screwed.
  • I don't care where you think your resources are going. If you know, show me the measurements. If you don't, stop wasting my time.
  • CAPS has surpassed ETRN in the "Most absurd use of port 25" contest.
  • Some parts of RFC 821 are simply too absurd to tolerate.
  • Make up your mind. Do you want to declare that your filters are effective, or do you want to find out how effective they actually are?
  • In general, the Internet was not designed to accommodate deliberate failures to communicate.
  • (In response to another poster's assertion that Windows NT is easier to configure than an otherwise-similar Unix system) Indeed. With NT, I can usually see in a matter of minutes that what I'm trying to do simply can't be done with the available software.
  • Profile. Don't speculate.
  • Compression saves bandwidth. What a surprise.
  • I don't have much respect for the people who run the Internet, but as a practical matter there are certain lines that can't be crossed without their approval.
  • The average user doesn't give a damn what happens, as long as (1) it works and (2) it's fast.
  • I'm not saying that this is how things should be. I'm saying that this is how things are.
  • I do engineering, not religion.
  • Duh-duh-duh... Buffer Overflow!
  • I thank God for not making me a computer scientist.
  • It seems some people do not have atomically synchronized watches and some do.
  • I will be starting the lecture in SEVEN ... SIX ... FIVE ... ...
  • This is UNIX. Stop acting so helpless!
  • The new glue is, unfortunately, ignored by recent versions of the BIND cache; the detailed technical explanation for this is that the BIND company is a bunch of idiots.
  • I have discovered that there are two types of command interfaces in the world of computing: good interfaces and user interfaces.
  • Unless you have a hundred unanswered questions in your mind you haven't read enough...
