| | wycheproof | JDK |
|---|---|---|
| Mentions | 12 | 193 |
| Stars | 2,587 | 18,442 |
| Growth | - | 1.4% |
| Activity | 0.0 | 10.0 |
| Last commit | about 4 years ago | 1 day ago |
| Language | Java | Java |
| License | Apache License 2.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wycheproof
- Google's Project Wycheproof
- SHA-3 Buffer Overflow - CVE-2022-37454
- When To Roll Your Own X

  I failed to notice the relevant Wycheproof test vectors because they weren’t listed on the front page (they still aren’t).
- Automated Tests Are the Safety Net that Saves You

  When I wrote the Monocypher cryptographic library, I didn't really know how to write serious tests. With some help, I eventually got something pretty good, with 100% code and path coverage, that tests every possible input length as well as obscure corner cases I stole from various places (most notably Wycheproof).
- Project Wycheproof
- Psychic Signatures in Java
- What are some real-world security issues in cryptography?
- How to verify ECC double and add algorithm implementation

  "GitHub - google/wycheproof: Project Wycheproof tests crypto libraries against known attacks." https://github.com/google/wycheproof
- An Illustrated Guide to Elliptic Curve Cryptography Validation

  Thankfully, Curve25519 is much easier to implement, with much fewer death traps than short Weierstraß curves. For X25519, just follow DJB’s advice from ECC Hacks https://www.youtube.com/watch?v=vEt-D8xZmgE and make sure your arithmetic is up to snuff (constant time arithmetic is actually the hard part, by default I strongly suggest you steal it from the ref10 implementation).

  For EdDSA, just follow the relevant explicit formulas, avoid clever (but dangerous) tricks such as converting to Montgomery form and back, and test with Wycheproof’s Ed25519 test vectors. https://github.com/google/wycheproof/blob/master/testvectors...
- Is AES 256-bit good enough for files.

  Have you tested all your applicable components against the Wycheproof test vectors and passed?
JDK
- Intel submitted OpenJDK PRs for supporting new 64 bit general purpose registers
- Show HN: I Built a Java IDE for iPad

  I felt out of the loop, thinking that Zero VM was some kind of new distro for OpenJDK but chasing <https://packages.debian.org/sid/openjdk-22-jre-zero#:~:text=...> to <https://sources.debian.org/src/openjdk-11/11.0.23%2B9-1/debi...> led me to https://github.com/openjdk/jdk/tree/jdk-22-ga/src/hotspot/cp...

  It seems that it's a specific CPU target for the Hotspot JIT for non-mainstream architectures (or for research purposes, as I saw mentioned once)
- JEP draft: Exception handling in switch
- Java 23: The New Features Are Officially Announced

  Completely gutted from the OpenJDK, last I checked. See here for the culprit PR: https://github.com/openjdk/jdk/pull/18688
- macOS 14.4 might break Java on your machine

  > Yes, they're changing one aspect of signal handler use to work around this problem. They're not stopping the use of signal handlers in general. Hotspot continues to use signals for efficiency in general. See https://github.com/openjdk/jdk/blob/9059727df135dc90311bd476...

  This whole thread is about SIGSEGV, and specifically their SIGSEGV handling. However, catching normal signals is not about efficiency.

  Some of their exception handling is still odd: There is no reason for a program that receives SIGILL to ever attempt continuing. But others are fine, like catching SIGFPE to just forward an exception to the calling code.

  (Sure, you could construct an argument to say that this is for efficiency if you considered the alternative to be implementing floating point in software so that all exceptions exist in user-space, but hardware floating point is the norm and such an alternative would be wholly unreasonable.)

  > The wonderful thing about choosing not to care about facts is having whatever opinions you want.

  I appreciate the irony of you making such a statement, proudly thinking that your opinion equals fact, and therefore any other opinion is not.

  This discussion is nothing but subjective opinion vs. subjective opinion. Facts are (hopefully, as I can only speak for myself) inputs to both our opinions, but no opinion about "good" or "bad", "nasty" or not can ever be objective. Objective code quality does not exist.
- The Return of the Frame Pointers

  I remember talking to Brendan about the PreserveFramePointer patch during my first months at Netflix in 2015. As of JDK 21, unfortunately it is no longer a general purpose solution for the JVM, because it prevents a fast path being taken for stack thawing for virtual threads: https://github.com/openjdk/jdk/blob/d32ce65781c1d7815a69ceac...
- JDK-8180450: secondary_super_cache does not scale well
- The One Billion Row Challenge
- AVX2 intrinsics for Arrays.sort methods (int, float arrays)
- A gentle introduction to two's complement
What are some alternatives?
ejbca-ce - EJBCA® – Open-source public key infrastructure (PKI) and certificate authority (CA) software.
Graal - GraalVM compiles Java applications into native executables that start instantly, scale fast, and use fewer compute resources 🚀
kyberJCE - Pure Java implementation of the Kyber (version 3) post-quantum IND-CCA2 KEM.
aircraft - The A32NX & A380X Project are community driven open source projects to create free Airbus aircraft in Microsoft Flight Simulator that are as close to reality as possible.
cryptofuzz - Fuzzing cryptographic libraries. Magic bug printer go brrrr.
steam-runtime - A runtime environment for Steam applications
Monocypher - An easy to use, easy to deploy crypto library
OkHttp - Square’s meticulous HTTP client for the JVM, Android, and GraalVM.
jdk17u - https://wiki.openjdk.org/display/JDKUpdates/JDK+17u
kitten - A statically typed concatenative systems programming language.
noise_spec - Noise Specification
intellij-community - IntelliJ IDEA Community Edition & IntelliJ Platform