About twice the size since my last visit, a few years ago… diving into some geeky subjects over the weekend. More crowded rooms – hundreds of people showing up for esotheric topics that form the plumbing of the web.



Project Wycheproof: unit-testing cryptography

Using a unit-testing approach in cryptography. Somehow I had expected this to be common practice already, but it obviously includes quite a bit more knowledge, research and effort:

We’re excited to announce the release of Project Wycheproof, a set of security tests that check cryptographic software libraries for known weaknesses. We’ve developed over 80 test cases which have uncovered more than 40 security bugs (some tests or bugs are not open sourced today, as they are being fixed by vendors). For example, we found that we could recover the private key of widely-used DSA and ECDHC implementations.

Source: Google Online Security Blog: Project Wycheproof