Slashdot Mirror


Google Releases Tool To Find Common Crypto Bugs (onthewire.io)

Trailrunner7 quotes a report from On the Wire: Google has released a new set of tests it uses to probe cryptographic libraries for vulnerabilities to known attacks. The tests can be used against most kinds of crypto algorithms and the company already has found 40 new weaknesses in existing algorithms. The tests are called Project Wycheproof, and Google's engineers designed them to help developers implement crypto libraries without having to become experts. Cryptographic libraries can be quite difficult to implement and making errors can lead to serious security problems. Attackers often will look for weak crypto implementations as a means of circumventing strong encryption in a target app. Among the issues that Google's engineers found with the Project Wycheproof tests is one in ECDH that allows an attacker to recover the private key in some circumstances. The bug is the result of some libraries not checking the elliptic curve points that they get from outside sources.

"In cryptography, subtle mistakes can have catastrophic consequences, and mistakes in open source cryptographic software libraries repeat too often and remain undiscovered for too long. Good implementation guidelines, however, are hard to come by: understanding how to implement cryptography securely requires digesting decades' worth of academic literature. We recognize that software engineers fix and prevent bugs with unit testing, and we found that many cryptographic issues can be resolved by the same means," Daniel Bleichenbacher and Thai Duong, security engineers at Google, said in a post announcing the tool release.

"Encodings of public keys typically contain the curve for the public key point. If such an encoding is used in the key exchange then it is important to check that the public and secret key used to compute the shared ECDH secret are using the same curve. Some libraries fail to do this check," Google's documentation says.
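The curve-consistency and point validation that the quoted documentation says some libraries skip, written out as an added example (not Google's or Wycheproof's code). It assumes NIST P-256 domain parameters, a hypothetical `validate_peer_public_key` helper, and constructed test inputs.

```python
# Added example: validate a peer's ECDH public key before computing the
# shared secret. Not Wycheproof's code; P-256 constants assumed from the
# standard, function names and inputs are constructed for illustration.

# NIST P-256 domain parameters: y^2 = x^3 + a*x + b over GF(p), cofactor 1.
P256 = {
    "name": "secp256r1",
    "p": 2**256 - 2**224 + 2**192 + 2**96 - 1,
    "a": -3,
    "b": 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b,
}
# Generator point G, used here only as a known-good input.
P256_G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
          0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def is_on_curve(curve, x, y):
    """True if the affine point (x, y) satisfies the curve equation mod p."""
    p = curve["p"]
    return (y * y - (x * x * x + curve["a"] * x + curve["b"])) % p == 0


def validate_peer_public_key(own_curve, peer_curve_name, peer_point):
    """Public-key validation for a prime-order curve. Returns (ok, reason).

    Run this on every externally supplied point before computing d * Q.
    """
    # 1. The peer's key must name the same curve our private key lives on.
    if peer_curve_name != own_curve["name"]:
        return False, "curve mismatch"
    # 2. The point at infinity is never an acceptable public key.
    if peer_point is None:
        return False, "point at infinity"
    x, y = peer_point
    # 3. Coordinates must already be reduced field elements.
    p = own_curve["p"]
    if not (0 <= x < p and 0 <= y < p):
        return False, "coordinate out of range"
    # 4. The point must lie on our curve; a point on some other curve is
    #    exactly the input that lets the private key leak.
    if not is_on_curve(own_curve, x, y):
        return False, "point not on curve"
    # Cofactor-1 curves need no separate order check (n*Q == O is implied).
    return True, "ok"


# Constructed inputs: G is valid; (Gx, 1) is not on P-256 because y^2 == 1
# only for y == +/-1, and Gy is neither.
GOOD = validate_peer_public_key(P256, "secp256r1", P256_G)
WRONG_CURVE = validate_peer_public_key(P256, "secp256k1", P256_G)
OFF_CURVE = validate_peer_public_key(P256, "secp256r1", (P256_G[0], 1))
```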

4 of 22 comments

  1. That inspires confidence by slew · Score: 4, Insightful

    Google's engineers designed them to help developers implement crypto libraries without having to become experts.

    I'm not sure if I am supposed to be happy or depressed about this claim...

    1. Re:That inspires confidence by coolmoe2 · Score: 2, Insightful
      Well, just think about if you had to have a decade's worth of knowledge to implement SSL on your website. I think most normal admins would agree that is a high bar to jump to ensure nobody is snooping on data coming over that connection.

      I get where you're coming from, but standards and guidelines are key to making the web what it is today.

      Okay, well, the modern Internet is a fuckin mess, so maybe not the best example, but you know what I mean.

    2. Re:That inspires confidence by networkBoy · Score: 3, Insightful

      I'm going with happy.
      Bugs happen, and open unit tests that we can all apply against our software stacks are a good thing indeed!
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    3. Re:That inspires confidence by swillden · Score: 3, Insightful

      Google's engineers designed them to help developers implement crypto libraries without having to become experts.

      I'm not sure if I am supposed to be happy or depressed about this claim...

      Happy. Because developers are not going to become experts.

      Keep in mind that the class of expert we're talking about here includes Daniel Bleichenbacher, a world-class cryptographer and cryptanalyst best known for the "million-message attack", one of the first practical attacks on RSA-based PKI systems, and Thai Duong, co-creator of several practical attacks against SSL and older versions of TLS. The worldwide supply of such experts is measured in hundreds. Automated tools that package and deliver (a little of) their expertise in a form that the average developer can use are a good thing.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.