A security review of the D library Crypto

Wed Jul 1 07:49:27 UTC 2020

On 1/7/20 9:19, Cym13 wrote:
> As some of you may know one of my hobbies is to review open source 
> software for security issues. About a year ago I reviewed the RSA 
> implementation of Crypto[1]: a native D library which, according to dub 
> statistics, is fairly popular.
> 
> Issues were found and after discussion with the author I decided to wait 
> for them to be fixed. A year later I would like to present the results 
> of an updated review of the library:
> 
> https://breakpoint.purrfect.fr/article/review_crypto_d.html
> 
> Here's what you should know if you are a user:
> 
> RSA, as implemented in the library, is still very much broken. I do not 
> recommend using it. The confidentiality and integrity of all messages 
> exchanged using this library must be questionned: if you exchanged 
> sensitive information such as passwords using it I recommend to change 
> them since their security is not guaranteed.
> 
> “Is this really the place to have this discussion? Shouldn't this be 
> between the author and you?“
> 
> The author was contacted a year ago and although our discussion was kind 
> and productive I have not heard from him since. Most of the issues 
> present today were already present in my first assessment. Some 
> modifications were made, but most recommendations were ignored. After a 
> year without action I feel that the users should know exactly what they 
> are exposed to since they are the ones affected by these security 
> issues. This follows standard vulnerability disclosure processes.
> 
> For all details and analysis I direct you to the blog post. It is a 
> rather thorough and technical read so I would recommend grabbing a cup 
> of tea first.
> 
> If you find any mistake or unclear parts I'll be glad to correct it so 
> feel free to point it out. Furthermore if you would like someone to have 
> a look at your project to identify issues I am always glad to help free 
> and open source projects that can't afford security review through 
> traditional means so feel free to reach out.
> 
> [1] https://code.dlang.org/packages/crypto

As somebody who also was somewhat involved in infosec and cryptography 
in a previous life, I found your article really interesting. So, first 
of all, thanks for taking the time to do the review and for publishing 
the results!

I see that you mostly focus on the algorithms, but did you also check 
for side-channel attacks (for instance, timing attacks), or given the 
flaws already found it would make little sense to go deeper?

I find that following a well-known algorithm is just the easy part when 
implementing crypto... the hard one is ironing out those pesky 
"implementation details". That's one of the reasons why I would try to 
use one of the "big" libraries for cryptography instead of rolling out 
my own, even if it meant adding an external C/C++ dependency to my project.