Backdoor discovered in Ruby "strong password" library, takes your "strong passwords" and uploads them into a pastebin nakedsecurity.sophos.com/2019/

Hi, do you believe me when I say we need ocap security yet

@cwebber I think this problem could have been solved with a purely functional programming language. Although the compiler would need an option to disable any unsafe* functions (like the ones in haskell).

Side-effects are really dangerous, this proves it.

@jorge_jbs Even purely functional programs *do* get access to side effects though, because you need to do do anything useful. They do it through a monad.

The question is: who gets access to that monad?

You're right that functional programming can help, but it isn't that the language is functional itself that does it, it's that it supports higher-order functions and the ability to pass around references.

@cwebber @jorge_jbs Indeed, you can even imagine pure functions leaking passwords in their output in non-trivial ways (= ways which cannot be easily seen by looking at the function definition).
Follow

@scolobb @cwebber If a functions leaks anything to the outside world aside from its result then it is not a pure function, by definition.

@jorge_jbs @cwebber That's why I said "leaks in its output", meaning that being pure and being secure are orthogonal things.

Imagine a trivial (and stupid) example: you have a pure function taking a string and an encryption key and simply concatenating the two: it leaks the original string in the output. Now, this is clearly a stupid example, but you can imagine insecure encryption procedures which do not obfuscate the input well enough, but which are still pure in the sense that they produce no side-effects.

I am not a security expert (I'm actually not an expert in almost anything 😄), so feel free to take my word with a big grain of salt or anything healthier than that 😉

@jorge_jbs @scolobb @cwebber
I could imagine pure functions leaking information about passwords via timing channels, CPU heat, fan rates, EMF levels related to frequency of RAM accesses, etc. Functional code eliminates state from the perspective of the programmer but in some respects only hides state that still exists from the perspective of physics.

@enkiv2 @scolobb @cwebber Well, you could make a functional language that abstracts over all the implementation details, so you couldn't rely on them. For example, the implementation could add noise so that it really is pure. But, in practice that sounds to be terribly slow xD. But, also in practice, you wouldn't leak side-effects that way.

Sign in to participate in the conversation
mastodon.cloud

[Notice Regarding the Transfer of the mstdn.jp / mastodon.cloud Services] We have received several inquiries showing interest in a transfer following the announcement of the end of the mstdn.jp and mastodon.cloud services. As a result of subsequently evaluating the situation and making preparations, we have decided that the corresponding services will be transferred to Sujitech, LLC. on June 30. Thank you.