I present a new approach to test crypto software we developed together with JPAumasson: differential fuzzing and our newly released tool, CDF, implementing it along with many edge case tests for common algorithms such as ECDSA, DSA and RSA. CDF also features time leakage detection.
CDF allowed the discovery of issues in high-profile, widely used crypto software components such as Go's crypto package, OpenSSL, and mbedTLS.
It is easy to use CDF to test your own library and everything is performed in a black-boxfashion, so you only need to provide CDF with an executable to test it.
Yolan Romailler is a Security Researcher at Kudelski Seucrity, where he delves into (and dwells on) cryptography, crypto code, and other funthings. He graduated in mathematics at EPFL and later in information security at HES-SO, both in Switzerland. Twitter handle of presenter(s): anomalroil