The authors of this tool said they wanted to “create something with an achievable goal,” and allowing others to use these tools without “digesting decades worth of academic literature” could lead to increased adoption of this tool and improved security across the internet.
If you’re developing applications and using cryptographic libraries, this tool could be something to keep in your toolbox for further investigation and implementation. Project Wycheproof searches for 80 test cases in crypto libraries, and it has already found 40 security bugs that are currently being worked on.
When using tools like Project Wycheproof, or performing security research, you must always attempt to notify the vendor or organization that’s responsible for the vulnerabilities discovered. Are there flaws or danger when exposing these faults in the wild? Absolutely. The issue then becomes how to notify others of these vulnerabilities after they’re found in crypto libraries. Read the rest of my article at the link below:
This is a Security Bloggers Network syndicated blog post authored by Matthew Pascucci. Read the original post at: Frontline Sentinel