Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Automated Testing of Crypto Software Using Differential Fuzzing

Black Hat via YouTube

Overview

Learn about differential fuzzing, a novel approach to systematically test cryptographic software, in this 36-minute Black Hat conference talk. Explore how this method differs from general-purpose software fuzzing by focusing on logic bugs rather than memory corruption issues. Discover the principles behind testing hash functions, PRNGs, and encryption algorithms using this technique. Gain insights into the Crypto Differential Fuzzing (CDF) tool and its applications for testing various cryptographic primitives, including ECDSA and RSA encryption. Examine real-world findings, timing leak detection, and general observations from implementing this approach. Enhance your understanding of automated testing in cryptography and its potential to improve software security.

Syllabus

Intro
Roadmap
Testing crypto
Testing what?
Automated testing
Approach: differential fuzzing
New tool from old ideas
Principle for hash functions, PRNG
Principle for encryption
A new tool: CDF
CDF - Crypto Differential Fuzzing
So you want to test ECDSA
Generic ECDSA Interface in CDF
CDF interfaces
Simplest case keyed hash PRF, MAC
Example of ECDSA test
RSA encryption
Timing leaks detection
Issues found
Findings summary
General observations
Conclusions

Taught by

Black Hat

Reviews

Start your review of Automated Testing of Crypto Software Using Differential Fuzzing

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.