Skip to main content

Project Wycheproof Reveals Bugs In Popular Crypto Libraries

Google has released Project Wycheproof, a set of security tests that check cryptographic software libraries for known weaknesses. Having developed over 80 test cases more than 40 security bugs have been uncovered.

In order to have good cryptography two ingredients require to be in place. The first is the strength of the cipher primitive itself. This is a property that  classifies it as suitable or not to build an application on. For example in the TLS protocol, documented in "SSL and TLS Deployment Best Practices-Use Secure Cipher Suites" not all ciphers are recommended for use. In that list for example, we find some obsolete cryptographic primitives that are not secure and must be avoided:

full article on i-programmer
Labels:

Comments

Post a Comment

Popular posts from this blog

Book Review : How To Create Pragmatic, Lightweight Languages

At last, a guide that makes creating a language with its associated baggage of lexers, parsers and compilers, accessible to mere mortals, rather to a group of a few hardcore eclectics as it stood until now.

The first thing that catches the eye, is the subtitle:

The unix philosophy applied to language design, for GPLs and DSLs"
What is meant by "unix philosophy" ?. It's taking simple, high quality components and combining them together in smart ways to obtain a complex result; the exact approach the book adopts.
I'm getting ahead here, but a first sample of this philosophy becomes apparent at the beginnings of Chapter 5 where the Parser treats and calls the Lexer like  unix's pipes as in lexer|parser. Until the end of the book, this pipeline is going to become larger, like a chain, due to the amount of components that end up interacting together.

The book opens by putting things into perspective in Chapter 1: Motivation: why do you want to build lan…
Post a Comment
Read more

Deep Angel-The AI of Future Media Manipulation

Undeniably, we live in the era of media manipulation. Such powerful and accessible tools exist today that nearly everyone can do it. Now add to this collection Deep Angel, an artificial intelligence that can erase objects from photographs and videos.

I was notified of Deep Angel around the time I was watching Kill Switch, a futuristic and dystopic movie about our Earth getting cloned in order to suck the resources of the cloned planet, something that would sustain our world's energy needs for at least another millennium. To cut a long story short... full article on i-programmer.info
Post a Comment
Read more

SAP's Creating Trustworthy and Ethical Artificial Intelligence

With the ink hardly dry on the pages of the EU Ethical AI Guidelines manifest, a free online course exploring the issues they raise is already in prospect on the openSAP platform. Run by members of the very same group, the European Union’s High-Level Expert Group on Artificial Intelligence, who wrote the guidelines and in cooperation with SAP's online education platform, a course with the titleCreating Trustworthy and Ethical Artificial Intelligence has been made accessible to anyone with an interest on AI or ML:
full article on i-programmer.info
Post a Comment
Read more