Project Wycheproof shines light onto dark art of open source crypto

Google has released Project Wycheproof, which aims to make checking for vulnerabilities easier by checking cryptographic libraries for known weaknesses

Google has this week released its Project Wycheproof toolkit, maintained by Google’s own security engineers and designed to check cryptographic libraries for known weaknesses. Daniel Bleichenbacher and Thai Duong are the Google engineers in question who, in announcing the release, have “developed over 80 test cases which have uncovered more than 40 security bugs” so far. Amongst the vulnerabilities, the dynamic duo discovered they could recover the private key of widely-used Digital Signature Algorithm (DSA) and Elliptic Curve Diffie–Hellman Cryptography (ECDHC) implementations.

Click here to read complete article