Crypto code: the 9 circles of testing

March 16, 2016 (at 5 p.m.) in SAP Security

Major crypto vulnerabilities would have been detected if we had better testing methodologies and tools. Heartbleed, Gotofail, or FREAK are some the most dramatic examples, but there are many others and many that we haven't discovered yet. To help fix this, and to show how hard it is to test crypto code, this talk will go through the simplest to the most sophisticated methods, from basic test vectors to fuzzing and verification. I'll show code examples, and the limitations of each class of test.

Jean-Philippe Aumasson

Jean-Philippe (JP) Aumasson is Principal Research Engineer at Kudelski Security, in Switzerland. He designed the popular cryptographic functions BLAKE2 and SipHash, and the new authenticated cipher NORX. He has spoken at Black Hat, DEFCON, RSA, CCC, SyScan, Troopers. He initiated the Crypto Coding Standard and the Password Hashing Competition projects, co-wrote the 2015 book "The Hash Function BLAKE", and will release a new cryptography book in 2017 for a wider audience. JP tweets as @veorq.