The name Wycheproof was chosen because it's the smallest mountain in the world, and stands at a whopping 486 feet above sea level. The reason this particularly unimpressive mountain serves as the namesake of this project is because the tool is only the beginning.
The authors of this tool said they wanted to "create something with an achievable goal," and allowing others to use these tools without "digesting decades worth of academic literature" could lead to increased adoption of this tool and improved security across the internet.
If you're developing applications and using cryptographic libraries, this tool could be something to keep in your toolbox for further investigation and implementation. Project Wycheproof searches for 80 test cases in crypto libraries, and it has already found 40 security bugs that are currently being worked on.
When using tools like Project Wycheproof, or performing security research, you must always attempt to notify the vendor or organization that's responsible for the vulnerabilities discovered. Are there flaws or danger when exposing these faults in the wild? Absolutely. The issue then becomes how to notify others of these vulnerabilities after they're found in crypto libraries. Read the rest of my article at the link below:
http://searchsecurity.techtarget.com/answer/How-can-enterprises-leverage-Googles-Project-Wycheproof
The authors of this tool said they wanted to "create something with an achievable goal," and allowing others to use these tools without "digesting decades worth of academic literature" could lead to increased adoption of this tool and improved security across the internet.
If you're developing applications and using cryptographic libraries, this tool could be something to keep in your toolbox for further investigation and implementation. Project Wycheproof searches for 80 test cases in crypto libraries, and it has already found 40 security bugs that are currently being worked on.
When using tools like Project Wycheproof, or performing security research, you must always attempt to notify the vendor or organization that's responsible for the vulnerabilities discovered. Are there flaws or danger when exposing these faults in the wild? Absolutely. The issue then becomes how to notify others of these vulnerabilities after they're found in crypto libraries. Read the rest of my article at the link below:
http://searchsecurity.techtarget.com/answer/How-can-enterprises-leverage-Googles-Project-Wycheproof
No comments:
Post a Comment