Google Releases Tool To Find Common Crypto Bugs (onthewire.io)
Trailrunner7 quotes a report from On the Wire: Google has released a new set of tests it uses to probe cryptographic libraries for vulnerabilities to known attacks. The tests can be used against most kinds of crypto algorithms and the company already has found 40 new weaknesses in existing algorithms. The tests are called Project Wycheproof, and Google's engineers designed them to help developers implement crypto libraries without having to become experts. Cryptographic libraries can be quite difficult to implement and making errors can lead to serious security problems. Attackers often will look for weak crypto implementations as a means of circumventing strong encryption in a target app. Among the issues that Google's engineers found with the Project Wycheproof tests is one in ECDH that allows an attacker to recover the private key in some circumstances. The bug is the result of some libraries not checking the elliptic curve points that they get from outside sources.

"In cryptography, subtle mistakes can have catastrophic consequences, and mistakes in open source cryptographic software libraries repeat too often and remain undiscovered for too long. Good implementation guidelines, however, are hard to come by: understanding how to implement cryptography securely requires digesting decades' worth of academic literature. We recognize that software engineers fix and prevent bugs with unit testing, and we found that many cryptographic issues can be resolved by the same means," Daniel Bleichenbacher and Thai Duong, security engineers at Google, said in a post announcing the tool release.

"Encodings of public keys typically contain the curve for the public key point. If such an encoding is used in the key exchange then it is important to check that the public and secret key used to compute the shared ECDH secret are using the same curve. Some libraries fail to do this check," Google's documentation says.
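The check the summary describes, written out as an added example (this is not code from Project Wycheproof or from the article): before a peer's ECDH public point is multiplied by the local private scalar, confirm it is a valid point on the curve the private key belongs to. The curve arithmetic is textbook affine arithmetic over the standard NIST P-256 domain parameters, written for readability rather than constant time; the point `bad` is a constructed off-curve value used only to show the rejection path. Note in `point_add` that the coefficient `b` never appears, which is exactly why a point from a different curve "works" arithmetically and must be filtered out before use.

```python
"""ECDH public-key validation on P-256 (added illustration, not library code)."""
from dataclasses import dataclass
from typing import Optional, Tuple

Point = Optional[Tuple[int, int]]  # None stands for the point at infinity


@dataclass(frozen=True)
class Curve:
    name: str
    p: int  # field prime
    a: int  # coefficient a in y^2 = x^3 + a*x + b
    b: int  # coefficient b
    n: int  # order of the base point G
    g: Tuple[int, int]


# NIST P-256 (secp256r1) domain parameters, standard published values.
P256 = Curve(
    name="P-256",
    p=0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF,
    a=-3,
    b=0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B,
    n=0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551,
    g=(0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
       0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5),
)


def is_on_curve(curve: Curve, q: Point) -> bool:
    """True if q is the point at infinity or satisfies y^2 = x^3 + a*x + b (mod p)."""
    if q is None:
        return True
    x, y = q
    if not (0 <= x < curve.p and 0 <= y < curve.p):
        return False
    return (y * y - (x * x * x + curve.a * x + curve.b)) % curve.p == 0


def point_add(curve: Curve, p1: Point, p2: Point) -> Point:
    """Affine addition/doubling. The formulas use only p and a, never b,
    so arithmetic alone cannot tell an off-curve point from a genuine one."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % curve.p == 0:
        return None  # P + (-P) = O
    if p1 == p2:
        lam = (3 * x1 * x1 + curve.a) * pow(2 * y1, -1, curve.p)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, curve.p)
    lam %= curve.p
    x3 = (lam * lam - x1 - x2) % curve.p
    y3 = (lam * (x1 - x3) - y1) % curve.p
    return (x3, y3)


def scalar_mult(curve: Curve, k: int, q: Point) -> Point:
    """Double-and-add; not constant time, for illustration only."""
    result: Point = None
    addend = q
    while k > 0:
        if k & 1:
            result = point_add(curve, result, addend)
        addend = point_add(curve, addend, addend)
        k >>= 1
    return result


def validate_public_key(curve: Curve, q: Point) -> bool:
    """Full public-key validation: reject the identity, reject any point not
    on this curve, and confirm the point has order n (n*Q = O)."""
    if q is None:
        return False
    if not is_on_curve(curve, q):
        return False
    return scalar_mult(curve, curve.n, q) is None


def ecdh_shared_secret(curve: Curve, priv: int, peer_pub: Point) -> int:
    """x-coordinate of priv*peer_pub, computed only after the peer's point
    has been validated against the curve the private key was made for."""
    if not (1 <= priv < curve.n):
        raise ValueError("private key out of range")
    if not validate_public_key(curve, peer_pub):
        raise ValueError("peer public key is not a valid point on " + curve.name)
    shared = scalar_mult(curve, priv, peer_pub)
    assert shared is not None  # guaranteed by validation and priv < n
    return shared[0]


if __name__ == "__main__":
    alice, bob = 12345, 67890  # constructed toy private scalars
    A = scalar_mult(P256, alice, P256.g)
    B = scalar_mult(P256, bob, P256.g)
    print(ecdh_shared_secret(P256, alice, B) == ecdh_shared_secret(P256, bob, A))
    bad = (P256.g[0], (P256.g[1] + 1) % P256.p)  # constructed off-curve point
    print(validate_public_key(P256, bad))  # False: rejected before any scalar multiplication
```

`validate_public_key` is the step the quoted documentation says some libraries skip. On P-256 the cofactor is 1, so the on-curve check alone already rules out points from another curve; the order check is kept because it is cheap and is what the full validation procedure in NIST SP 800-56A calls for on curves with a cofactor greater than 1.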
That inspires confidence (Score:5, Insightful)
Google's engineers designed them to help developers implement crypto libraries without having to become experts.
I'm not sure if I am supposed to be happy or depressed about this claim...
Re: (Score:3, Insightful)
I get where you're coming from, but standards and guidelines are key to making the web what it is today.
Okay, well, the modern Internet is a fuckin' mess, so maybe not the best example, but you know what I mean.
Re:That inspires confidence (Score:4, Insightful)
I'm going with happy.
Bugs happen, and open unit tests that we can all apply against our software stacks are a good thing indeed!
-nB
Re:That inspires confidence (Score:4, Insightful)
Google's engineers designed them to help developers implement crypto libraries without having to become experts.
I'm not sure if I am supposed to be happy or depressed about this claim...
Happy. Because developers are not going to become experts.
Keep in mind that the class of expert we're talking about here includes Daniel Bleichenbacher, a world-class cryptographer and cryptanalyst best known for the "million-message attack", one of the first practical attacks on RSA-based PKI systems and Thai Duong, co-creator of several practical attacks against SSL and older versions of TLS. The worldwide supply of such experts is measured in hundreds. Automated tools that package and deliver (a little of) their expertise in a form that the average developer can use are a good thing.
Re: (Score:2)
The happy part is you, the depressing part is for whoever else has to read your code.
Until it's bots all the way down, then it's just depressing for everyone.
At which point you qualify for medical marijuana, and Welcome* Aboard!
*(bring your own cheetos, dammit!)
Re: (Score:2)
I'm not sure if I am supposed to be happy or depressed about this claim...
Don't worry, it will be just like all the other static analysis tools which gather dust in the IDE's tools menu.
Bug in Wikileaks' Insurance Files Encryption? (Score:1)
20 years programming security, I don't do crypto (Score:4, Interesting)
I've been programming security-related systems for 20 years. There's no chance I'd ever roll my own crypto. Tools to crack crypto? Yeah I do those. Write an IPSec / IKE implementation from scratch? I did that last week. You bet your ass it uses standard crypto libraries; I'm not writing those.
Re: (Score:2)
I've been programming security-related systems for 20 years. There's no chance I'd ever roll my own crypto. Tools to crack crypto? Yeah I do those. Write an IPSec / IKE implementation from scratch? I did that last week. You bet your ass it uses standard crypto libraries; I'm not writing those.
These tools are still useful, to detect bugs in the libraries. Daniel and Thai have found a lot of those, and getting the fixes upstreamed is surprisingly hard.
SSL/TLS is not a good security solution in many ways -- it only has a certificate for one side of the connection, its key sizes are frequently restrictive and most importantly, it does nothing to prevent impersonation or bandwidth theft.
E-Mail and Browser addon (Score:1)