Testing times: Can your crypto-code survive the Google gauntlet?
Mount Wycheproof pinpoints mistakes in software libraries
Google has unleashed Project Wycheproof, a set of security tests to check cryptographic libraries for susceptibility to known weaknesses.
The toolkit, maintained by Google’s security engineers, is named after Mount Wycheproof, the smallest mountain in the world, and has set out with commendably modest goals. The aim is to catch known, well-documented implementation mistakes, the kind that until now only full-time cryptographers and computer scientists have been equipped to spot, rather than to turn up deeper-rooted mathematical flaws.
Google’s eggheads have developed more than 80 test cases, which have uncovered more than 40 security bugs (some unpublicized because they are yet to be publicly fixed and disclosed). Examples include tests for common bugs that allow the recovery of private keys from widely used DSA and ECDHC (elliptic-curve Diffie-Hellman with cofactor multiplication) implementations. Such key-recovery bugs typically come down to an implementation trusting input it should have checked: biased or reused per-signature nonces in DSA, or a peer public key that was never verified to lie on the expected curve in ECDH.
Google’s team is also providing ready-to-use tools to check Java Cryptography Architecture providers such as Bouncy Castle and the default providers in OpenJDK.
“In cryptography, subtle mistakes can have catastrophic consequences, and mistakes in open source cryptographic software libraries repeat too often and remain undiscovered for too long,” the engineers explain in a blog post. “Good implementation guidelines, however, are hard to come by: understanding how to implement cryptography securely requires digesting decades’ worth of academic literature.
“We recognize that software engineers fix and prevent bugs with unit testing, and we found that many cryptographic issues can be resolved by the same means,” they added.
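To make the unit-testing point concrete, the following is an added example (not Project Wycheproof code, whose own tests are written in Java against JCA providers). It builds a small Wycheproof-style harness in Python: constructed test vectors in the same valid/invalid shape, each run against two toy ECDH implementations on secp256k1, one that blindly trusts the peer's public key and one that validates it. The private scalars, the off-curve and out-of-range peer points and the harness function names are all assumptions of this example; the curve arithmetic is plain affine Python for illustration only, not production code.

```python
# Added example (not Project Wycheproof code): a Wycheproof-style ECDH test
# harness on secp256k1. Test vectors are constructed inline; "invalid"
# vectors must be rejected, "valid" vectors must yield the expected secret.

# secp256k1 domain parameters: y^2 = x^3 + 7 over GF(P), prime order N.
P = 2**256 - 2**32 - 977
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def point_add(p1, p2):
    """Affine addition. Note it never uses B: the same formulas work on any
    curve y^2 = x^3 + A*x + b', which is exactly why an unchecked peer point
    can drag the computation onto a weaker curve of the attacker's choosing."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mul(k, point):
    """Double-and-add (not constant time; fine for a test harness)."""
    result, addend = INF, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def is_on_curve(point):
    if point is INF:
        return False
    x, y = point
    return 0 <= x < P and 0 <= y < P and (y * y - x**3 - A * x - B) % P == 0


def ecdh_naive(priv, peer):
    """Buggy: trusts whatever point it is handed and returns shared x."""
    return scalar_mul(priv, peer)[0]


def ecdh_checked(priv, peer):
    """Hardened: rejects infinity, off-curve, out-of-range and wrong-order points."""
    if not is_on_curve(peer):
        raise ValueError("peer public key is not a valid point on the curve")
    if scalar_mul(N, peer) is not INF:
        raise ValueError("peer public key has wrong order")
    shared = scalar_mul(priv, peer)
    if shared is INF:
        raise ValueError("shared point is infinity")
    return shared[0]


# Constructed keys for the example (assumptions, not real test data).
PRIV = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
PEER_PRIV = 0x2B5E3B
PEER_PUB = scalar_mul(PEER_PRIV, G)

# Vectors in the spirit of Wycheproof's tcId/result/flags layout.
VECTORS = [
    {"tcId": 1, "result": "valid", "peer": PEER_PUB, "flags": [],
     "shared": scalar_mul(PRIV * PEER_PRIV % N, G)[0]},
    # (Gx, Gy+1) lies on a different curve y^2 = x^3 + b', not on secp256k1.
    {"tcId": 2, "result": "invalid", "peer": (G[0], G[1] + 1),
     "flags": ["InvalidPoint"]},
    # Coordinate outside [0, P): a malformed encoding that must be refused.
    {"tcId": 3, "result": "invalid", "peer": (G[0] + P, G[1]),
     "flags": ["OutOfRange"]},
]


def run_vectors(ecdh, vectors):
    """Return {tcId: 'pass' | 'fail'} for an ECDH implementation under test."""
    verdicts = {}
    for tc in vectors:
        got, accepted = None, True
        try:
            got = ecdh(PRIV, tc["peer"])
        except ValueError:
            accepted = False
        if tc["result"] == "valid":
            verdicts[tc["tcId"]] = "pass" if accepted and got == tc["shared"] else "fail"
        else:
            verdicts[tc["tcId"]] = "fail" if accepted else "pass"
    return verdicts
```

Running `run_vectors(ecdh_naive, VECTORS)` reports failures on tcId 2 and 3, because the naive version happily derives a secret from a point it never validated, while `ecdh_checked` passes all three. Neither verdict says the checked version is secure in general; as with Wycheproof itself, it only says the implementation is not vulnerable to the specific inputs the vectors encode.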
Google’s team is explicit in describing the project as a work in progress.
“Passing the tests does not imply that the library is secure, it just means that it is not vulnerable to the attacks that Project Wycheproof tries to detect,” they explain. “Cryptographers constantly discover new weaknesses in cryptographic protocols.”
Early reaction to the project has been broadly positive. Sophos, for example, welcomed the project in a post on its Naked Security blog. ®