The biggest source of vulnerabilities in cryptographic libraries is memory safety bugs, not cryptography bugs

This page summarizes the projects mentioned and recommended in the original post on /r/rust

  • rustls

    A modern TLS library in Rust

  • This makes a surprisingly strong case for the approach taken by libraries such as rustls, which are written in Rust and are dramatically smaller in size than most of the alternatives.

  • crates.io

    The Rust package registry

  • (Outside of crates.io)

  • cryptofuzz

    Fuzzing cryptographic libraries. Magic bug printer go brrrr.

  • 2) There's a popular fuzzing technique, called "differential fuzzing", that works especially well for cryptographic libraries. The idea is to have the fuzzer look for both memory safety issues (like buffer overflows, even if they're too small to cause a crash AddressSanitizer can detect) and actual logic bugs in the cryptography implementation (e.g. the output of one implementation not matching the output of another, given the same state/inputs).

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
