A summer cryptography intern discovered two vulnerabilities in one of JavaScript's most critical cryptographic libraries, elliptic. Both vulnerabilities were caught using Wycheproof test vectors, standardized cryptography tests that every library should run, but many skip. Big lesson: cryptography libraries have inconsistent application of continuous cryptographic testing. The Wycheproof chapter in our Testing Handbook teaches you how to implement these tests in your CI/CD pipeline. https://lnkd.in/gS3S9VKg Read the blog: https://lnkd.in/gjYwbPG2
Cryptography intern finds vulnerabilities in elliptic library
This title was summarized by AI from the post below.
Cool post, Markus Schiffermüller FYI maybe it's useful or interesting: https://github.com/indutny/elliptic/pull/337 https://github.com/indutny/elliptic/pull/338 You can guess the consequences of these bugs;))