2023-10: Rusty and safe
What is memory safety and why does it matter?
Memory safety is a property of some programming languages that prevents programmers from introducing certain types of bugs related to how memory is used. Since memory safety bugs are often security issues, memory safe languages are more secure than languages that are not memory safe.
Memory safe languages include Rust, Go, C#, Java, Swift, Python, and JavaScript. Languages that are not memory safe include C, C++, and assembly.
https://www.memorysafety.org/docs/memory-safety/
Most critical protocol for privacy and security: TLS
For more than 20 years, OpenSSL has been the most widely used SSL/TLS library in use by software applications for cryptographic purposes. OpenSSL is free and open source, while it is by far the most prolific way of handling cryptography from within an application, it is by no means the only option, and it is not without its problems.
It’s highly unlikely that we can get the OpenSSL project to move away from C so we need to work on a memory safe alternative and get the Internet’s critical software infrastructure to make the switch.
Enter the game: Prossimo and Rustls
Prossimo is an Internet Security Research Group1 project: they provide memory-safe implementations for pieces of software that run the Internet. This has materialized in work being done on TLS with Rustls, curl, the Linux kernel, and more.
Rustls is a TLS library that aims to provide a good level of cryptographic security, requires no configuration to achieve that security, and provides no unsafe features or obsolete cryptography.
See the docs to see all the current (un)supported features!
Other memory safe initiatives
- a memory safe AV1 decoder that delivers great performance.
- a memory safe NTP implementation.
- a memory safe, high performance, fully recursive DNS resolver.
- TLS and HTTP networking code in curl memory safe.
-
To be clear: a sibling project of “Let’s Encrypt”! https://www.abetterinternet.org/ ↩
Comments