Google Releases Crypto Test Suite
Google has released Project Wycheproof—a test suite designed to test cryptographic libraries against a series of known attacks. From a blog post:
In cryptography, subtle mistakes can have catastrophic consequences, and mistakes in open source cryptographic software libraries repeat too often and remain undiscovered for too long. Good implementation guidelines, however, are hard to come by: understanding how to implement cryptography securely requires digesting decades’ worth of academic literature. We recognize that software engineers fix and prevent bugs with unit testing, and we found that many cryptographic issues can be resolved by the same means
The tool has already found over 40 security bugs in cryptographic libraries, which are (all? mostly?) currently being fixed.
BillB • December 20, 2016 6:30 AM
Looks very promising. I have to say when designing a new protocol, API, or writing a program that uses encryption in any way, the challenges are quite daunting. I took the Stanford online crypto course (recommended) and it’s still tricky to use crypto safely. Certainly I use existing well regarded libraries whenever possible, but finding resources on improving security has been an ongoing challenge.