I don't really see clering out the key as an important weak point. You should do that in languages where you dont't have automatic memory management, but in Pike used memory contents doesn't accidently end up in paddings and similar. We could of course add code that clears memory that is freed (perhaps if the macro PIKE_SECURITY is defined) to protect it from other programs.
/ Martin Nilsson (Åskblod)
Previous text:
2003-01-28 13:23: Subject: Re: OpenSSL wrapper vs Pike's SSL (Was: Bz2)
While we can never make any language safe (except perhaps ADA) for bad programmers, pike does it's best. The fact that the programmer doesn't have to worry about allocating/freeing memory saves us from a lot of potential problems. Sure, the GC in Pike has it's flaws but I think it does a better job than most C-programmers does.
When it comes to the implementation of cryptoalgorithms in Pike, I do believe that it is reasonably safe. If I were to build a system which required high security (as in a military system or equal), I would not trust the Pike implementations and most certainly I would not trust OpenSSL. A quick search at securityfocus.com reveals that Roxen has 8 documented flaws. They all seem to originate from within roxen. OpenSSL had 10+ *PAGES*! Ok, I know that the userbase for OpenSSL is larger than for Pike, but still. DES, RC{4|5}, AES etc are all welldocumented algorithms which most of my friends would be able to implement in Pike without any major flaws. Considering that the people working on Pike are usualy pretty smart, I don't think we have much of a problem here.
The only thing I see as a problem, is how the key is cleared from memory once the algorithm is done with it. I agree with you that it might be a weak point in the Pike implementation. But that can be fixed with ease.
I think you made my point in your last paragraph. Using OpenSSL won't, by itself, resolv the problem of "safe programming". It's a fact that we've known about most exploits for 20 years and they are still around...
/ Marcus Agehall (Trådlös)