A security review of the D library Crypto

[Cym13]

As some of you may know one of my hobbies is to review open 
source software for security issues. About a year ago I reviewed 
the RSA implementation of Crypto[1]: a native D library which, 
according to dub statistics, is fairly popular.

Issues were found and after discussion with the author I decided 
to wait for them to be fixed. A year later I would like to 
present the results of an updated review of the library:

https://breakpoint.purrfect.fr/article/review_crypto_d.html

Here's what you should know if you are a user:

RSA, as implemented in the library, is still very much broken. I 
do not recommend using it. The confidentiality and integrity of 
all messages exchanged using this library must be questionned: if 
you exchanged sensitive information such as passwords using it 
I recommend to change them since their security is not guaranteed.

“Is this really the place to have this discussion? Shouldn't this 
be between the author and you?“

The author was contacted a year ago and although our discussion 
was kind and productive I have not heard from him since. Most of 
the issues present today were already present in my first 
assessment. Some modifications were made, but most 
recommendations were ignored. After a year without action I feel 
that the users should know exactly what they are exposed to since 
they are the ones affected by these security issues. This follows 
standard vulnerability disclosure processes.

For all details and analysis I direct you to the blog post. It is 
a rather thorough and technical read so I would recommend 
grabbing a cup of tea first.

If you find any mistake or unclear parts I'll be glad to correct 
it so feel free to point it out. Furthermore if you would like 
someone to have a look at your project to identify issues I am 
always glad to help free and open source projects that can't 
afford security review through traditional means so feel free to 
reach out.

[1] https://code.dlang.org/packages/crypto