Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Google presents the Project Wycheproof to test crypto libraries against known attacks

Google released the Project Wycheproof, an open source tool designed to test most popular cryptographic software libraries against known attacks. Google presented the Project Wycheproof, an open source Crypto Library Testing Tool that was launched to allow development teams to discover security vulnerabilities in popular cryptographic software libraries. “Project Wycheproof tests crypto libraries against known attacks. It is […]

Trusted Platform Module 2.0 flaws

Google released the Project Wycheproof, an open source tool designed to test most popular cryptographic software libraries against known attacks.

Google presented the Project Wycheproof, an open source Crypto Library Testing Tool that was launched to allow development teams to discover security vulnerabilities in popular cryptographic software libraries.

“Project Wycheproof tests crypto libraries against known attacks. It is developed and maintained by members of Google Security Team, but it is not an official Google product.” states the description of the project.

“At Google, we rely on many third party cryptographic software libraries. Unfortunately, in cryptography, subtle mistakes can have catastrophic consequences, and we found that libraries fall into such implementation pitfalls much too often and for much too long.”

The Project Wycheproof is completely developed in Java and implements tests for the most popular cryptographic libraries, including AES-EAX, AES-GCM, DH, DHIES, DSA, ECDH, ECDSA, ECIES and RSA. The more than 80 test cases developed by Google experts have led to the discovery of over 40 bugs in RSA, DSA.

In a single platform, researchers at Google included more than 80 test cases that cover known attacks scenarios against the crypto libraries. Google wants to share its experience to improve the security in development processes.

“Project Wycheproof is named after Mount Wycheproof, the smallest mountain in the world. The main motivation for the project is to have a goal that is achievable. The smaller the mountain the more likely it is to be able to climb it.” states Google.

The researchers who developed the platform explained that Project Wycheproof help them to discover the bugs present in the third party cryptographic software libraries they use for their projects. The testing tool allowed them to uncover more than 40 bugs.

“We have over 80 test cases which have uncovered more than 40 bugs. For example, we found that we could recover the private key of widely-used DSA and ECDHC implementations.” continues Google.

The Project Wycheproof is maintained by members of the Google Security Team, but it is not an official Google product. It is an open project, this means that everyone could share its experience to add another testing cases.

The maintainers will include them only after the development teams behind vulnerable libraries will patch them.

The bug discovered by the security experts that will be submitted to the Google Team qualify for a reward if the maintainers of the affected library cover it with a bug bounty program.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Project Wycheproof, encryption)