Google recently launched WycheProof project, a collection of unit cases to detect weaknesses and behavior in cryptographic algorithms. Google has determined that any mistake in these algorithms will always lead to catastrophic consequences. Many times these cryptographic algorithms with mistakes remains undetected. To cure this disease cryptographers at Google have made several implementations.
In Google Official Blog, “Project Wycheproof provides tests for most cryptographic algorithms, including RSA, elliptic curve crypto, and authenticated encryption.”
Google has already developed 80 test cases to check the weakness in cryptographic software libraries. These test cases have already uncovered more than 40 security bugs, as mentioned in its official blog.
Since Java is having the most common cryptographic interface they have taken Java for its first set of tests. With the single set of the test suite, multiple providers can be tested. Google has also mentioned that it's WycheProof project is not completed. Since WycheProof is still in development stage completely relying on its test cases will not help. Passing the test cases does not mean that the algorithms are completely secured. It's just an assurance that the algorithm is not vulnerable to the attacks. Cryptographers at Google are working on finding different weaknesses and unknown bugs, which are still troubling the library users.
Leave a Reply
Your email address will not be published. Required fields are marked *