Some time ago I had begun work on my own Pastebin-type project with a few goals. Basically, I wanted to eat all the cakes — and have them too.
The project, honestly, was going swimmingly when derailed by the goings-on of life.
One of the interesting components of the project was, of course, choosing crypto implementations. There are known shortcomings to handling it in JS, but that’s still the most convenient for some users. Outside of the browser, server-side, you had all the same questions about which solution was best. Which protocol(s) should be available?
Well, I’ve just learned about a project which I would have loved to have available back then. Project Wycheproof can help you test your crypto solutions against known problems and attacks. Featuring 80 tests probing at 40 known bugs, here’s a snip from the introduction:
Project Wycheproof has tests for the most popular crypto algorithms, including AES-EAX, AES-GCM, DH, DHIES, DSA, ECDH, ECDSA, ECIES, RSA. The tests detect whether a library is vulnerable to many attacks, including:

Invalid curve attacks
Biased nonces in digital signature schemes
Of course, all Bleichenbacher’s attacks
And many more — we have over 80 test cases
Interesting stuff with exciting potential!