ur-whale 4 hours ago

One meta thing I've always wondered ... Are multiple implementations of the same protocol good or bad for security?

Probably naively, I'm thinking:

    - diversity: good
    - doubling the attack surface: real bad

What do the security folks out there think of the topic?
stusmall 24 minutes ago | parent | next [-]

Diversity is a fantastic thing for security. It limits the impact when a bug drops and gives the possibility to migrate or run a mix of systems.

embedding-shape 4 hours ago | parent | prev | next [-]

I think the general consensus is that it improves security of the protocol, but obviously that won't matter much if the implementation gets something wrong or has worse security by itself.

Issues in the protocol itself would need all implementations to change, but issues in the implementation would obviously be isolated to one implementation. For something like Wireguard, I'd wager a guess that issues in the implementations are more common than issues in the protocol, at least at this stage.

VoxPelli 12 minutes ago | parent [-]

If the implementation gets it wrong, that can also be a sign of ambiguity in the protocol / standard and as such result in clarifications and an overall more well-specified protocol.

mwalser 4 hours ago | parent | prev | next [-]

I wouldn't say that multiple implementations are duplicating the attack surface since most users will not end up running them in parallel.

ur-whale 4 hours ago | parent [-]

I meant at a global level (think as if you're attacking all wireguard users, not a single one).

swiftcoder 3 hours ago | parent [-]

The increased attack surface mostly only affects that one particular implementation though. So, yes, twice as many implementations that may contain exploitable bugs, but each new implementation could only be used to exploit a fraction of the total user base.

rlpb 3 hours ago | parent [-]

> could only be used to exploit a fraction

If anything this is even a good thing, since it means that each individual vulnerability an attacker finds is less valuable to them.

lugu 2 hours ago | parent | prev | next [-]

Competition helps in multiple ways. It improves tooling, test suites, CVE response time, documentation and evolution of the protocol. There are some counterexamples where compatibility sucks, like DLNA, but the problem often comes from the spec.

stevefan1999 4 hours ago | parent | prev | next [-]

That's really good because it means it will be able to have more exposure; more exposure means more improvement, and more improvement eventually digs out bad bugs and reduces the attack surface in the long run.

saidnooneever 2 hours ago | parent | prev [-]

Don't fix it if it ain't broken. Look at sudo-rs and other Rust ports.

ofc, that's a cynical view.

I personally think it's a bad idea to duplicate efforts. Better to combine them. Otherwise you risk making mistakes that were already solved, missing lessons already learnt.

VoxPelli 13 minutes ago | parent [-]

sudo-rs itself is not a bad idea; Canonical's premature shipping of it in Ubuntu was the bad idea. sudo-rs was transparent with how far it had gotten in compatibility and feature parity.