Google project has small name but tackles big security issue

Project Wycheproof, named after the smallest mountain in the world, lets developers quickly check their cryptographic libraries against a large number of known attacks.

Dong Ngo SF Labs Manager, Editor / Reviews
CNET editor Dong Ngo has been involved with technology since 2000, starting with testing gadgets and writing code for CNET Labs' benchmarks. He now manages CNET San Francisco Labs, reviews 3D printers, networking/storage devices, and also writes about other topics from online security to new gadgets and how technology impacts the life of people around the world.

So far, Project Wycheproof has uncovered more than 40 security bugs, Google said.

Google

Google on Monday released Project Wycheproof, which it described as "a set of security tests that check cryptographic software libraries for known vulnerabilities."

In cryptography, Google said, small mistakes can lead to catastrophic consequences. The project aims to stem mistakes that "repeat too often" in open source cryptographic libraries. The software in these libraries is responsible for encrypting and securing data as it's stored on devices or travels across the internet.

Google thinks this is an achievable goal. That's why the project is named after Australia's Mount Wycheproof, the smallest registered mountain in the world. "The smaller the mountain, the easier it is to climb it," said Google in a security blog post.

Project Wycheproof currently includes 80 test cases and has uncovered more than 40 security bugs. The company said it welcomes external contributions to the project. Google also clarified the capability of the project, writing, "passing the tests doesn't mean a library is completely secure, just that it isn't vulnerable to the attacks Project Wycheproof can detect."

Google also said Project Wycheproof saves time by letting developers and users quickly check their libraries against a large number of known attacks instead of having to sift through hundreds of academic papers for the same outcome.

Editor's note (6/13/2017): Updated with additional attribution.