|Project Wycheproof Reveals Bugs In Popular Crypto Libraries|
|Written by Nikos Vaggalis|
|Wednesday, 21 December 2016|
Google has released Project Wycheproof, a set of security tests that check cryptographic software libraries for known weaknesses. Having developed over 80 test cases more than 40 security bugs have been uncovered.
In order to have good cryptography two ingredients require to be in place. The first is the strength of the cipher primitive itself. This is a property that classifies it as suitable or not to build an application on. For example in the TLS protocol, documented in "SSL and TLS Deployment Best Practices-Use Secure Cipher Suites" not all ciphers are recommended for use. In that list for example, we find some obsolete cryptographic primitives that are not secure and must be avoided:
The second factor is the library that implements the cipher. Are you sure that it's bug free? One such counter-example is the mcrypt function from library libmcrypt, popular in PHP applications despite the many weaknesses as documented in If You're Typing the Word MCRYPT Into Your PHP Code, You're Doing It Wrong
Code auditing is the norm when looking for such bugs, and now Google engineers join the cause with Project Wycheproof in an attempt to address the concerns regarding the (in)security of software libraries, as a direct result of internal code audits of the crypto components that Google uses in its products, that finally found its way to the public as well.
Project Wycheproof is thus a collection of unit tests that check cryptographic software libraries for known weaknesses in RSA, elliptic curve crypto and authenticated encryption.
against their implementations in Java Cryptography Architecture providers such as Bouncy Castle, Spongy Castle, and the default providers in OpenJDK.
In order to run those tests, say for Bouncy Castle or OpenJDK, you need to have Bazel installed and then run the test as following:
bazel test BouncyCastleAllTests
bazel test OpenJDKAllTests
One of the most worrisome of the bugs uncovered is the leakage of private keys by Bouncy Castle's ECDHC implementation, since ECDCH will totally replace RSA for key transporting in the forthcoming TLS 1.3 version, as such a library hosting a weak implementation poses a matter of prime importance.
Many things can go wrong when implementing algorithms, and as a matter of fact in the TLS 1.3 draft there is a whole section dedicated to implementation pitfalls that can be potentially encountered when designing a library or application:
As such Project Wycheproof becomes a valuable addition to the pursuit of applying cryptography correctly, as getting it right is much too difficult, therefore the case for rigorous testing or the use of proven secure products such as in the CMS field, Paragonie's open source AirShip CMS in contrast to the known vulnerable ones the likes of Drupal, Joomla or Wordpress.
or email your comment to: firstname.lastname@example.org
|Last Updated ( Wednesday, 21 December 2016 )|