Project Wycheproof shines light onto dark art of open source crypto

News by Davey Winder

Google has released project Wycheproof, which aims to make checking for vulnerabilities easier by checking cryptographic libraries for known weaknesses.

Google has this week released its Project Wycheproof toolkit, maintained by Google's own security engineers and designed to check cryptographic libraries for known weaknesses.

Daniel Bleichenbacher and Thai Duong are the Google engineers in question who, in announcing the release, have “developed over 80 test cases which have uncovered more than 40 security bugs” so far.

Amongst the vulnerabilities, the dynamic duo discovered they could recover the private key of widely-used Digital Signature Algorithm (DSA) and Elliptic Curve Diffie–Hellman Cryptography (ECDHC) implementations.

The toolkit is named after the smallest mountain in the world, Mount Wycheproof, because the smaller the mountain, the easier it is to climb. The argument is that, in cryptography, even the most subtle of mistakes can have catastrophic consequences, and in open source crypto software mistakes are repeated too often and remain undiscovered for too long.

Unfortunately, implementing ‘good crypto’ is something of a dark art that usually requires serious understanding of some seriously academic literature. Project Wycheproof aims to change that by applying the same kind of unit testing approach used elsewhere in the software development and implementation world to crypto.
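To show what that unit-testing approach looks like in practice, here is an added example (not code from Google or the Wycheproof project) of a small harness that reads test vectors in a layout modelled on Wycheproof's JSON files (test groups, each test carrying a tcId, a comment, hex-encoded inputs and an expected result of valid, invalid or acceptable) and checks a MAC verifier against them. The vectors are constructed inline for HMAC-SHA256; the weak verifier is a constructed illustration of the kind of implementation bug such vectors exist to catch.

```python
import hashlib
import hmac
import json

# Constructed vectors in a Wycheproof-style layout (not Google's real test file).
KEY = bytes(range(32))
MSG = b"Project Wycheproof"
GOOD_TAG = hmac.new(KEY, MSG, hashlib.sha256).digest()
FLIPPED_TAG = GOOD_TAG[:-1] + bytes([GOOD_TAG[-1] ^ 0x01])


def _case(tc_id, comment, tag, result):
    return {"tcId": tc_id, "comment": comment, "key": KEY.hex(),
            "msg": MSG.hex(), "tag": tag.hex(), "result": result, "flags": []}


VECTORS_JSON = json.dumps({
    "algorithm": "HMACSHA256",
    "testGroups": [{"keySize": 256, "tagSize": 256, "type": "MacTest", "tests": [
        _case(1, "correct tag", GOOD_TAG, "valid"),
        _case(2, "last bit of tag flipped", FLIPPED_TAG, "invalid"),
        _case(3, "tag truncated to 8 bytes", GOOD_TAG[:8], "invalid"),
        _case(4, "empty tag", b"", "invalid"),
    ]}],
})


def verify_strict(key, msg, tag):
    """Correct verifier: full-length, constant-time comparison."""
    return hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), tag)


def verify_prefix(key, msg, tag):
    """Constructed weak verifier: only compares as many bytes as the caller supplied,
    so a truncated or empty tag is accepted. This is the bug the vectors should expose."""
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return expected[:len(tag)] == tag


def run_vectors(vectors_json, verify):
    """Return the tcIds whose observed verdict contradicts the expected result.
    'acceptable' cases (legal but discouraged inputs) are reported either way, as in Wycheproof."""
    failures = []
    for group in json.loads(vectors_json)["testGroups"]:
        for t in group["tests"]:
            ok = verify(bytes.fromhex(t["key"]), bytes.fromhex(t["msg"]), bytes.fromhex(t["tag"]))
            if (t["result"] == "valid" and not ok) or (t["result"] == "invalid" and ok):
                failures.append(t["tcId"])
    return failures
```

Running the same vectors against both verifiers shows the point Google makes about the tests: a clean run only says the implementation resists the specific cases encoded in the file.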

Speaking to SC Media UK, Zach Jones, senior manager of Static Code Analysis at WhiteHat Security, agreed that creating new secure algorithms might be considered a dark art “if the definition of dark art is that it requires higher level mathematics.” Jones argues that actually implementing cryptography at the application level is not a dark art at all, it just takes attention to detail.

“It is a matter of selecting the proper APIs, algorithms, modes, ciphers, initialisation vectors, transformations, and seeds for your use case,” Jones continued, along with “understanding the tools your platform provides for doing cryptography in various contexts and testing the distribution of your implementation's output programmatically, to verify entropy/randomness.”

And, of course, these choices must be audited regularly to keep them up to date. The challenge is that every one of these choices needs to be made correctly for the crypto to work. “Unfortunately,” Jones insists, “developers rarely take the time to truly understand how the APIs provided by their platform work.” Instead, once the functionality works and the cryptography doesn't appear broken to the naked eye, they move on to other tasks.

So why hasn't crypto become more of a secure plug-and-play process by now? Jones blames the arms race. “If you develop a secure cryptography library that enforces good choices on developers,” he says, “it might be secure today, but tomorrow, the algorithm will be broken by new hardware or new attack techniques.”

Then there's compatibility, of course. Not all platforms have the best choice available, so developers of libraries must build in flexibility that, in the end, can often be misused to produce insecure results.

That leaves us asking just how useful this toolkit will be in the real world, given that Google itself admits that “passing the tests does not imply that the library is secure, it just means that it is not vulnerable to the attacks that Project Wycheproof tries to detect.” In other words, how much testing is enough testing?

Mike Ahmadi, global director for critical systems security at Synopsys, applauds all efforts to create online resources that allow for automated vulnerability checking. “Wycheproof joins the CWE, CVE, and CAPEC in an online world of software vulnerability databases,” Ahmadi told SC, continuing, “utilizing automated testing tools that poll online databases of this type is a critical step in the process of continual improvement towards more secure systems and devices.”

As for Jones, he reminds us that “no single toolkit can replace human security experts, so it's important that companies ensure that the right combination of tooling, testing and human intelligence is in place.”

Indeed, much of security automation is about removing the easy and obvious attacks, so that you can focus on finding the deeper issues.
