On 1/7/20 9:19, Cym13 wrote:
As some of you may know one of my hobbies is to review open source
software for security issues. About a year ago I reviewed the RSA
implementation of Crypto[1]: a native D library which, according to dub
statistics, is fairly popular.
Issues were found and after discussion with the author I decided to wait
for them to be fixed. A year later I would like to present the results
of an updated review of the library:
https://breakpoint.purrfect.fr/article/review_crypto_d.html
Here's what you should know if you are a user:
RSA, as implemented in the library, is still very much broken. I do not
recommend using it. The confidentiality and integrity of all messages
exchanged using this library must be questioned: if you exchanged
sensitive information such as passwords using it I recommend changing
them since their security is not guaranteed.
“Is this really the place to have this discussion? Shouldn't this be
between the author and you?”
The author was contacted a year ago and although our discussion was kind
and productive I have not heard from him since. Most of the issues
present today were already present in my first assessment. Some
modifications were made, but most recommendations were ignored. After a
year without action I feel that the users should know exactly what they
are exposed to since they are the ones affected by these security
issues. This follows standard vulnerability disclosure processes.
For all details and analysis I direct you to the blog post. It is a
rather thorough and technical read so I would recommend grabbing a cup
of tea first.
If you find any mistake or unclear parts I'll be glad to correct it so
feel free to point it out. Furthermore if you would like someone to have
a look at your project to identify issues I am always glad to help free
and open source projects that can't afford security review through
traditional means so feel free to reach out.
[1] https://code.dlang.org/packages/crypto
As somebody who also was somewhat involved in infosec and cryptography
in a previous life, I found your article really interesting. So, first
of all, thanks for taking the time to do the review and for publishing
the results!
I see that you mostly focus on the algorithms, but did you also check
for side-channel attacks (for instance, timing attacks), or, given the
flaws already found, would it make little sense to go deeper?
I find that following a well-known algorithm is just the easy part when
implementing crypto... the hard one is ironing out those pesky
"implementation details". That's one of the reasons why I would try to
use one of the "big" libraries for cryptography instead of rolling out
my own, even if it meant adding an external C/C++ dependency to my project.
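To make the "implementation details" point above concrete, here is an added example (not code from the thread, the reviewed library, or its author) showing how a textbook-correct RSA modular exponentiation can still leak the private exponent through timing, and the shape of the usual fix. The modulus 3233 and the exponents are constructed toy values; a real implementation would also need a branch-free conditional swap, which is left out here for readability.

```python
# Square-and-multiply is the "well-known algorithm" behind RSA decryption.
# Implemented naively, it does an extra multiplication only for the 1-bits
# of the secret exponent, so running time depends on the key. A Montgomery
# ladder does identical work for every bit, so timing depends only on the
# exponent's bit length. Both functions return (result, multiply_count)
# so the difference can be checked without a stopwatch.

def modexp_naive(base: int, exp: int, mod: int) -> tuple[int, int]:
    """Left-to-right square-and-multiply. Multiply count varies with the
    Hamming weight of exp: this is the timing side channel."""
    result, mults = 1, 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        mults += 1
        if bit == "1":                      # key-dependent extra work
            result = (result * base) % mod
            mults += 1
    return result, mults


def modexp_ladder(base: int, exp: int, mod: int) -> tuple[int, int]:
    """Montgomery ladder: exactly two multiplications per bit, whatever the
    bit's value. Invariant: r1 == r0 * base (mod mod) at every step.
    NOTE: a production version must also select r0/r1 without a branch
    (constant-time swap); that part is omitted here for clarity."""
    r0, r1, mults = 1, base % mod, 0
    for bit in bin(exp)[2:]:
        if bit == "1":
            r0 = (r0 * r1) % mod
            r1 = (r1 * r1) % mod
        else:
            r1 = (r0 * r1) % mod
            r0 = (r0 * r0) % mod
        mults += 2
    return r0, mults


def work_profile(exp_a: int, exp_b: int, base: int = 5, mod: int = 3233) -> dict:
    """Constructed check: two exponents of the same bit length but different
    Hamming weight. The naive counts differ, the ladder counts do not."""
    return {
        "naive": (modexp_naive(base, exp_a, mod)[1], modexp_naive(base, exp_b, mod)[1]),
        "ladder": (modexp_ladder(base, exp_a, mod)[1], modexp_ladder(base, exp_b, mod)[1]),
    }


if __name__ == "__main__":
    # 0b100000001 vs 0b111111111: same length, weight 2 vs 9
    print(work_profile(257, 511))   # {'naive': (11, 18), 'ladder': (18, 18)}
```

Both functions agree with Python's built-in pow(base, exp, mod); only their work profile differs, which is exactly the kind of detail a review of the algorithm alone will not surface.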