Hi!

I'm Filippo Valsorda, @FiloSottile. I do cryptography and Go.

I joined the Go team at Google in 2018. I work on the Open Source team in NYC, which is responsible for the public project, including the compiler and the standard libraries. I own the cryptography packages.

Until 2017, I was at Cloudflare. On the Cryptography team, I developed the Go TLS stack and edge reverse proxy that powered the TLS 1.3 beta.

I joined Cloudflare in September 2014. For the following year I bent DNSSEC until it became something deployable transparently at scale and built the implementation to go with it. (By the way, the DNSSEC community absolutely loves me.)

Then the DNS team unexpectedly shrunk and I owned the entire Go DNS server—RRDNS—for a year and a half, rebuilding the legacy backend pipeline and eventually transitioning it to a real team. Some code is open source, and this is what the new team had to say about the architecture I originally designed.in Go (which cut latencies 50x, ask me why), handling new features to enable the rest of the company and working on its performance.

RRDNS runs more than 40% of the Alexa top 1M.

In early 2017 I discovered and reported Ticketbleed (CVE-2016-9244), a memory disclosure vulnerability in the F5 TLS stack, reminiscent of Heartbleed.

I started out speed-running the Matasano Cryptopals. I attended the Recurse Center batches Fall 2013 and Fall 2 2017.

How we might have met

Probably conferences. For example, if you are into security, I spoke at:

• 34c3 about "Paris256", a key recovery attack on Go P-256 (video)
• 33c3 and elsewhere about TLS 1.3 (video) (transcript of a shorter version)
• PacSec 2015 and 32c3 about why it's ok to just use /dev/urandom (video)
• HOPE XI about stealing Bitcoin with math (video)
• HITB2015AMS about shortcomings in Tor Hidden Services privacy
• HITB2014KUL about ECDSA nonce reuse on the blockchain

If you are a Gopher, then you might have seen me speaking at:

• GothamGo 2017 about rustgo: building your own FFI
• GopherCon 2017 about TLS 1.3, crypto/tls and net/http (video)
• GolangUK and GopherCon India 2017 about latency profiling (video: UK, IN)
• Golab 2017 with a keynote about hellogopher (video)
• GopherCon 2016 about cgo (video)
• HOPE XI about archiving all GitHub (video)
• GothamGo 2015 about fuzzing Go (video)

Or a few others.

I also run Breaking Bad Crypto, a training seminar aimed at practical cryptographic exploitation. In the past. it covered hash extension, Vaudenay padding oracles and Bleichenbacher'06 RSA forgeries at the DEF CON 21 and 23 CryptoVillage, at 34c3, 33c3, 32c3 and 31c3, and at HITB2015AMS.

What you might have used

I made the popular online Heartbleed test: https://filippo.io/Heartbleed

And one for Superfish/Komodia, and one for LuckyMinus20.

If you ever ran ssh whoami.filippo.io, that was me:

$ ssh whoami.filippo.io

    +---------------------------------------------------------------------+
    |                                                                     |
    |             _o/ Hello Filippo Valsorda!
    |                                                                     |
    |                                                                     |
    |  Did you know that ssh sends all your public keys to any server     |
    |  it tries to authenticate to?                                       |
    |                                                                     |
    |  That's how we know you are @FiloSottile on GitHub!
    |                                                                     |
    |  Ah, maybe what you didn't know is that GitHub publishes all users' |
    |  ssh public keys and Ben (benjojo.co.uk) grabbed them all.          |
    |                                                                     |
    |  That's pretty handy at times :) for example your key is at         |
    |  https://github.com/FiloSottile.keys
    |                                                                     |
    |                                                                     |
    |  P.S. This whole thingy is Open Source! (And written in Go!)        |
    |  https://github.com/FiloSottile/whosthere                           |
    |                                                                     |
    |  -- @FiloSottile (https://twitter.com/FiloSottile)                  |
    |                                                                     |
    +---------------------------------------------------------------------+

I built gvt, the simple Go vendoring tool, and hellogopher, the tool to "just clone and make" Go projects. I used to maintain youtube-dl. There's the Linux syscall table, too. And you might find captive-browser useful.

I run a Certificate Transparency log behind the sofa.

What you might have read

• The scrypt parameters
• rustgo: calling Rust from Go with near-zero overhead
• Reproducing Go binaries byte-by-byte
• Finding Ticketbleed (CVE-2016-9244)
• So you want to expose Go on the Internet
• I'm giving up on PGP (as seen on Ars, Schneier)
• So I lost my OpenBSD FDE password
• The complete guide to Go net/http timeouts
• Securing a travel iPhone
• Yet Another Padding Oracle in OpenSSL CBC Ciphersuites
• Shrink your Go binaries with this one weird trick
• Bleichenbacher'06 signature forgery in python-rsa (CVE-2016-1494)
• DNS parser, meet Go fuzzer
• A deep look at CVE-2015-5477
• How Plex is doing HTTPS for all its users
• Logjam explained
• The sad state of SMTP encryption
• Komodia/Superfish SSL Validation is broken (CVE-2015-2078)
• So I lost my NAS password
• The ECB Penguin

And other pieces on this blog or on the Cloudflare one.

There's also an old piece in Phrack 69 Linenoise.