the djb way

future djb

As we look back through the incredible body of djb software discussed in this site, we notice a curious fact: it was all produced over a brief 5-year span between 1996 and 2001, an amazingly prolific period of brilliance and creativity.

The last publicly released package we have from Bernstein, though, is daemontools-0.76, dated July 2001. And as of this writing (spring 2004), it remains his only software release conforming to the slashpackage package management methodology.

What's been happening since 2001, then? Has Dan hung up his keyboard?

Hardly. We can infer from numerous pages that Bernstein has been working as furiously as ever.

So what's ahead on the djb way? We don't have any special inside knowledge, but our bet is that we can soon expect a new outpouring. Here are a few things to look for, possibly by the end of this year.

• book: High Speed Cryptography

Over the past several years Dan has produced a massive amount of research on cryptography and high-speed numerical methods.

It seems he is currently collating this work and new material into a book, High Speed Cryptography, mentioned in his index of scientific papers (

• public-key signature system

Corresponding with Dan's work in high-speed cryptography has been his ongoing effort toward practical implementations in such applications as public-key crytography.

The sigs page ( now advises that we will soon have an update: "A state-of-the-art public-key signature system." This will incorporate work from hash127 and nistp224, and even faster numerical methods.

• pattern matching

It appears that Dan has been looking into some pattern matching theory; see

Could we expect to see a djb regex library someday?

• "redo", a software build system

One of the joys of any djb package is its utterly simple and fool-proof build system. A make command or two is all you need to configure, compile, build and install on your system, with virtually no other user intervention required.

Of course a lot of work and aggravation goes in to making things make so easily. And, as we might expect, Dan has been looking at better ways to do it. His system will be called "redo"; see for a glimpse.

• ipv6 support for dns

Sooner or later, it's gotta happen.

As it stands now, a djb server is still unable to operate with IPv6 addresses. This is a significant shortcoming to the djb way, as other platforms are moving slowly though inexorably toward IPv6 support. (Dan documents some of the issues with IPv6 support here:

But djb has made an enormous investment in documenting the Domain Name System and developing his djbdns software. It is inconceivable he would allow it all to lapse into obsolescence.

Notice that the slashpackage list now reserves a place for djbdns.

• "crit-bit" data structure

Bernstein is developing a new fast-access data structure to complement or replace the cdb hashing database. He calls this data structure a "crit-bit tree", a type of digital trie based on the PATRICIA trie algorithm originally described by Donald R. Morrison in 1968.

According to Bernstein, "I'm switching to crit-bit trees in my software, and writing a paper with complete proofs." Read more about crit-bit trees in this sneak-preview page:

• npthread, a non-preemptive thread library

Bernstein documents the interface to a new thread library called npthread.

• other new djb library stuff

More new library interfaces are also documented for as yet unreleased software:

• continued prime number research

Naturally Bernstein continues to push the frontiers of crypto theory, with one of his prime interests being prime numbers.

See this recent survey, "Distinguishing prime numbers from composite numbers: the state of the art in 2004".

• object-oriented Bernstein?

Who would have thunk it: Bernstein coding in C++!

Yet that is exactly the case in the recent (April 2004) appearance of "Proof-of-concept implementation of factoring into coprimes", with source code available at

The code uses bigint and base_vector from the LiDIA library, "A C++ Library For Computational Number Theory", from the Darmstadt University of Technology. See for more information. Note that this library requires g++ 3.x, and will not compile on older systems.

Bernstein's purpose of using C++ here is pedagogical, to quickly illustrate his algorithms in an application. For a programmer who chooses not to trust the Standard C stdio library, it seems extremely unlikely that Bernstein would ever actually migrate production code to C++. But maybe we are in for a surprise?

What's next, Java???

• qmail --> "Internet Mail 2000"?

We all know the most serious plague on the 'net is "unsolicited commercial email", a.k.a. spam.

For quite a while now, Dan has been attempting to engage others in discussion of a solution called Internet Mail 2000.

This is envisioned as an alternative to the present SMTP infrastructure. The key underlying paradigm of IM2000 is that message storage becomes the responsibility of the sender.

This inverts the present model, where the recipient's server bears the burden --and associated costs-- of receiving, storing and processing high volumes of undesired mail.

The inversion of costs could be exected to substantially diminish the incentives of spammers, as well as providing direct means of identifying abusive hosts. A number of other benefits are also provided.

Sounds great! But will we ever see IM2000?

Here we regret to say this is something we don't expect to see anytime in the near future. As with many other of Dan's inventions --QMTP, netstrings, slashpackage, etc.-- one can expect others to be slow on the uptake.

Maybe IM3000...

Stay tuned!

Copyright © 2004, Wayne Marshall.
All rights reserved.

Last edit 2004.10.04, wcm.