2023-8-31 00:0:0 Author: research.nccgroup.com(查看原文) 阅读量:21 收藏
During the summer of 2023, Entropy Cryptography Inc engaged NCC Group’s Cryptography Services team to perform a cryptography and implementation review of several Rust-based libraries implementing constant-time big integer arithmetic, prime generation, and secp256k1 (k256) elliptic curve functionality. Two consultants performed the review within 40 person-days of effort, which included retesting and report generation.
The three primary code repositories in scope for this review were:
- github.com/RustCrypto/crypto-bigint
- github.com/entropyxyz/crypto-primes
- github.com/RustCrypto/elliptic-curves/k256.
The review identified a range of issues that were addressed promptly once reported, with the proposed fixes aligning with the recommendations made in the report below.
Here are some related articles you may find interesting
5G security – how to minimise the threats to a 5G network
To ensure security of new 5G telecom networks, NCC Group has been providing guidance, conducting code reviews, red team engagements and pentesting 5G standalone and non-standalone networks since 2019. As with any network various attackers are motivated by different reasons. An attacker could be motivated to either gain information about…
Real World Cryptography Conference 2023 – Part II
After a brief interlude, filled with several articles from the Cryptography Services team, we’re back with our final thoughts from this year’s Real World Cryptography Conference. In case you missed it, check out Part I for more insights. Interoperability in E2EE Messaging A specter is haunting Europe – the specter…
View articles by category
如有侵权请联系:admin#unsafe.sh