Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You can't unit test crypto. There are tests you can run to check for PRNGs being obviously broken, but that doesn't help you: the point of the article is that crypto has to be 100% right or it's 100% broken. It doesn't matter much to an attacker whether a flaw is "foolish/easy" or not: he can exploit you either way.

Also, a lot of the time the vulnerabilities are not in primitives like PRNGs, but in how application programmers combine the primitives in their application, and there's no way to unit test the security of that. The way to mitigate this is by developing and using high level library interfaces that make it very difficult to screw up.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: