I'm Filippo Valsorda, @FiloSottile. I do cryptography and Go.
I work on the Go team at Google. I own and maintain the cryptography packages (
golang.org/x/crypto) and act as security coordinator.
Since joining the team in 2018, I added TLS 1.3 support to
crypto/tls and co-designed the checksum database—a state-of-the-art authentication system for the Go modules ecosystem based on transparency trees.
Until 2017, I was at Cloudflare. On the Cryptography team, I developed the Go TLS stack and edge reverse proxy that powered the TLS 1.3 beta.
I joined Cloudflare in September 2014. For the following year I bent DNSSEC until it became something deployable transparently at scale and built the implementation to go with it. (By the way, the DNSSEC community absolutely loves me.)
Then the DNS team unexpectedly shrunk and I owned the entire Go DNS server—RRDNS—for a year and a half, rebuilding the legacy backend pipeline and eventually transitioning it to a real team. Some code is open source, and this is what the new team had to say about the architecture I originally designed.
RRDNS runs more than 40% of the Alexa top 1M.
In early 2017 I discovered and reported Ticketbleed (CVE-2016-9244), a memory disclosure vulnerability in the F5 TLS stack, reminiscent of Heartbleed.
I started out speed-running the Matasano Cryptopals. I attended the Recurse Center batches Fall 2013 and Fall 2 2017.
How we might have met
Probably conferences. For example, if you are into security, I spoke at:
- Enigma 2020 about securing the software supply chain (video)
- 34c3 and Black Hat USA 2018 about a key recovery attack on Go P-256 (video)
- 33c3 and elsewhere about TLS 1.3 (video) (transcript of a shorter version)
- PacSec 2015 and 32c3 about why it's ok to just use
- HOPE XI about stealing Bitcoin with math (video)
- HITB2015AMS about shortcomings in Tor Hidden Services privacy
- HITB2014KUL about ECDSA nonce reuse on the blockchain
If you are a Gopher, then you might have seen me speaking at:
- QCon NYC 2019 about complexity and maintaining the Go crypto libraries
- GopherCon 2018 live-coding about asynchronous networking (video)
- GothamGo 2017 about rustgo: building your own FFI (video)
- GopherCon 2017 about TLS 1.3, crypto/tls and net/http (video)
- GolangUK and GopherCon India 2017 about latency profiling (video: UK, IN)
- Golab 2017 with a keynote about hellogopher (video)
- GopherCon 2016 about cgo (video)
- HOPE XI about archiving all GitHub (video)
- GothamGo 2015 about fuzzing Go (video)
Or a few others.
I also run Breaking Bad Crypto, a training seminar aimed at practical cryptographic exploitation. In the past. it covered hash extension, Vaudenay padding oracles and Bleichenbacher'06 RSA forgeries at the DEF CON 21 and 23 CryptoVillage, at 34c3, 33c3, 32c3 and 31c3, and at HITB2015AMS.
What you might have used
My most popular project is mkcert, a small development tool that generates HTTPS/TLS certificates for any name (including localhost) that are automatically trusted by your local machine.
I also made the original online Heartbleed test, https://filippo.io/Heartbleed.
And one for Superfish/Komodia, and one for LuckyMinus20.
If you ever ran
ssh whoami.filippo.io, that was me:
$ ssh whoami.filippo.io +---------------------------------------------------------------------+ | | | _o/ Hello Filippo Valsorda! | | | | | Did you know that ssh sends all your public keys to any server | | it tries to authenticate to? | | | | That's how we know you are @FiloSottile on GitHub! | | | Ah, maybe what you didn't know is that GitHub publishes all users' | | ssh public keys and Ben (benjojo.co.uk) grabbed them all. | | | | That's pretty handy at times :) for example your key is at | | https://github.com/FiloSottile.keys | | | | | P.S. This whole thingy is Open Source! (And written in Go!) | | https://github.com/FiloSottile/whosthere | | | | -- @FiloSottile (https://twitter.com/FiloSottile) | | | +---------------------------------------------------------------------+
I built gvt, the simple Go vendoring tool, and hellogopher, the tool to "just clone and make" Go projects. I used to maintain youtube-dl. There's the Linux syscall table, too. And you might find captive-browser useful.
I ran a Certificate Transparency log behind a sofa.
What you might have read
- Using Ed25519 signing keys for encryption
- A Go implementation of Poly1305 that makes sense
- The scrypt parameters
- rustgo: calling Rust from Go with near-zero overhead
- Reproducing Go binaries byte-by-byte
- Finding Ticketbleed (CVE-2016-9244)
- So you want to expose Go on the Internet
- I'm giving up on PGP (as seen on Ars, Schneier)
- So I lost my OpenBSD FDE password
- The complete guide to Go net/http timeouts
- Securing a travel iPhone
- Yet Another Padding Oracle in OpenSSL CBC Ciphersuites
- Shrink your Go binaries with this one weird trick
- Bleichenbacher'06 signature forgery in python-rsa(CVE-2016-1494)
- DNS parser, meet Go fuzzer
- A deep look at CVE-2015-5477
- How Plex is doing HTTPS for all its users
- Logjam explained
- The sad state of SMTP encryption
- Komodia/Superfish SSL Validation is broken (CVE-2015-2078)
- So I lost my NAS password
- The ECB Penguin
And other pieces on this blog or on the Cloudflare one.
I also run a casual newsletter, Cryptography Dispatches, and there's an old piece of mine in Phrack 69 Linenoise.