Tool Presented By Google To Help Developers in Finding Common Crypt bugs

A new open source tool namely ‘Project Wycheproof’ has been designed by Google team for the purpose of testing the most popular cryptographic software libraries against several familiar attacks. Being presented by Google, Project Wycheproof is basically an open source Crypto Library Testing Tool which was intentionally launched for the sole motto of enabling development teams to discover security vulnerabilities in several most popular cryptographic software libraries.

The description of this project clearly states that Project Wycheproof has been crafted for testing crypto libraries against familiar attacks. Though it is designed and maintained by members of Google Security Team, but is not an official Google product. Researches reveals that the Project Wycheproof has been entirely scripted in Java language. It do includes potential of implementing tests for almost all the most popular cryptographic libraries such as AES-GCM, AES-EAX, ECDH, DSA, DH, RSA, ECDSA and RSA. This implementation of over more than 80 test cases developed by Google experts have resulted in the discovery of over around 40 bugs in DSA and RSA.

Researchers in Google, at a single platform included more than around 80 tests which covers familiar attacks scenarios against the crypto libraries. Google wants to share it’s experience for enhancing the security in the development processes. According to experts at Google, Project Wycheproof has been actually named after Wycheproof (i.e., the smallest mountain in the world). The primary purpose behind the development of this project is to have an achievable goal. Based on the comments stated by the researchers, Project Wycheproof is a highly applicable program designed to help them in discovering the bugs present in the third party cryptographic software libraries they utilize for their projects.

As mentioned above, Project Wycheproof is not an official Google product, despite the fact that it has been maintained by members of the Google Security Team. Being an open project, it provides everyone which with accessibility to share it’s experience for adding another testing cases. The maintainers have been reported including them only after the development teams reasonable behind impotent libraries will patch them.

Leave a Comment

Your email address will not be published. Required fields are marked *