Google using Project Wycheproof to scan crypto software for security holes

The Google Security Team has a new set of security tests to check cryptographic software libraries for known weaknesses. The company has already used Project Wycheproof to create more than 80 test cases that have so far uncovered more than 40 security bugs.

The project is developed and maintained by members of the Google Security Team, but isn’t an official Google product. It’s named after Mount Wycheproof, the smallest mountain in the world.

“The main motivation for the project is to have a goal that is achievable,” Google security engineers Daniel Bleichenbacher and Thai Duong wrote in the company’s security blog.  “The smaller the mountain the more likely it is to be able to climb it!”

Security holes already uncovered using Project Wycheproof include the ability to recover the private key of widely used DSA and ECDHC implementations. As part of the project, the team provides “ready-to-use” tools to check Java Cryptography Architecture providers such as Bouncy Castle and the default providers in OpenJDK.

Project Wycheproof tests for weaknesses in most cryptographic algorithms, such as RSA, elliptic curve cryptography and authenticated encryption.

“In cryptography, subtle mistakes can have catastrophic consequences, and mistakes in open source cryptographic software libraries repeat too often and remain undiscovered for too long,” the engineers wrote. “Good implementation guidelines, however, are hard to come by: understanding how to implement cryptography securely requires digesting decades’ worth of academic literature. We recognize that software engineers fix and prevent bugs with unit testing, and we found that many cryptographic issues can be resolved by the same means.”

Though it has already been put to vigorous use and produced the results described above, the engineers said Project Wycheproof is not yet complete. They noted that passing the tests doesn’t necessarily mean the library is secure. It simply means it’s not vulnerable to the attacks Project Wycheproof tests for.

Nevertheless, they wrote, developers and users now have the ability to check their libraries against many known attacks without having to spend years reading academic papers or becoming cryptographers themselves.