Automated Testing using Crypto Differential Fuzzing (DO NOT RECORD)

DEF CON 25

Presented by: Yolan Romailler
Date: Saturday July 29, 2017
Time: 17:30 - 18:00
Location: Florentine Ballroom 4
Track: Crypto and Privacy Village

I present a new approach to test crypto software we developed together with JP Aumasson: differential fuzzing and our newly released tool, CDF, implementing it along with many edge case tests for common algorithms such as ECDSA, DSA and RSA. CDF also features time leakage detection.

CDF allowed the discovery of issues in high-profile, widely used crypto software components such as Go's crypto package, OpenSSL, and mbedTLS.

It is easy to use CDF to test your own library and everything is performed in a black-box fashion, so you only need to provide CDF with an executable to test it.

Yolan Romailler

Yolan Romailler is a Security Researcher at Kudelski Security, where he delves into (and dwells on) cryptography, crypto code, and other fun things. He graduated in mathematics at EPFL and later in information security at HES-SO, both in Switzerland. Twitter handle of presenter(s): anomalroil

