How many of those flaws were deliberately introduced by the US Gov to hamper standards, we'll never know. As a guess. A lot of them.
Testing times: Can your crypto-code survive the Google gauntlet?
Google has unleashed Project Wycheproof, a set of security tests to check cryptographic libraries for susceptibility to known weaknesses. The toolkit, maintained by Google’s security engineers, is named after Mount Wycheproof, the smallest mountain in the world, and has set out with commendably modest goals. The aim is to look …
COMMENTS
-
-
Tuesday 20th December 2016 22:38 GMT Primus Secundus Tertius
Ah, the conspiracy theory rather than the cockup theory.
But usually it is a cockup. I blame modern education, which tells children to be creative rather than telling them to check their work.
I seem to remember a recent celbrated case, possibly for SSH, where the offending code had been checked in at 11.30pm on New Years Eve. How to inspire confidence - NOT.
-
-
Tuesday 20th December 2016 22:14 GMT Dave 126
> named after Mount Wycheproof, the smallest mountain in the world,
I've just spent five minutes trying to chase down a source for its status as a mountain, but so far all my google results appear to form a loop.
Quite a few pages called it 'the smallest registered mountain in the world', but no where have I yet found what 'registered mountain' means.
I'll give it another 5 minutes and report back shortly.
[EDIT:] Ah, it would appear that there is no universal definition of 'mountain', and people understand that definition can vary from place to place. The very minimum is that it be a geological feature with steep sides that dominates a surrounding area - so Mount Wycheproof qualifies in those respects.
The UK generally uses a height of roughly 2000' or (300 M, or more than a few Brontosauri stacked nose to tail) to distinguish mountains from hills. I live and I learn!
-
Tuesday 20th December 2016 22:20 GMT stratcat
Whycheproof...
... where the freight trains run down the middle of the main street.
(There's probably an analogy there with some tech companies)
I've spent a fair bit of time there over the years; not the world's most exciting place other than the train line and the mountain. The new bakery is good though.
-
Tuesday 4th April 2017 22:09 GMT John Smith 19
They may sound like modest goals
But they're a start.
I'd like to think crypto implementors will study the tests and use them as a guide to make better stuff from the ground up.
Crypto is probably the smallest, but most demanding, software most people will ever be asked to implement, and in truth most smart people would prefer to not have to in the first place.
But sometimes you simply have no choice.