Cryptofuzz Alternatives

Similar projects and alternatives to cryptofuzz

crates.io

660 2,796 10.0 Rust cryptofuzz VS crates.io

The Rust package registry
rustls

57 5,437 9.9 Rust cryptofuzz VS rustls

A modern TLS library in Rust
WorkOS

workos.com sponsored

The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
writeups

8 122 6.6 Python cryptofuzz VS writeups

CTF writeups from The Flat Network Society (by TFNS)
wycheproof

12 2,587 0.0 Java cryptofuzz VS wycheproof

Discontinued Project Wycheproof tests crypto libraries against known attacks.
onefuzz

4 2,780 0.0 C# cryptofuzz VS onefuzz

Discontinued A self-hosted Fuzzing-As-A-Service platform
beacon-fuzz

1 156 3.5 Rust cryptofuzz VS beacon-fuzz

Differential Fuzzer for Ethereum 2.0
radamsa

5 - - cryptofuzz VS radamsa
InfluxDB

www.influxdata.com sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
doubleback

1 0 0.0 C cryptofuzz VS doubleback

Doubleback provides round-trip parsing and printing of 64-bit double-precision floating-point numbers using the Ryu algorithm implemented in multiple programming languages. Doubleback is biased towards "human-friendly" output which round-trips consistently between binary and decimal.
Sloth

1 115 2.9 C++ cryptofuzz VS Sloth

Sloth 🦥 is a coverage guided fuzzing framework for fuzzing Android Native libraries that makes use of libFuzzer and QEMU user-mode emulation (by ant4g0nist)
wtf

1 1,349 5.6 C++ cryptofuzz VS wtf

wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-mode (experimental!). (by 0vercl0k)
HEDB

1 50 8.1 C++ cryptofuzz VS HEDB

Towards A Secure Yet Maintainable Encrypted Database

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better cryptofuzz alternative or higher similarity.

Suggest an alternative to cryptofuzz

cryptofuzz reviews and mentions

Posts with mentions or reviews of cryptofuzz. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-03-06.

Java ECDSA trivial signature bypass
1 project | /r/crypto | 20 Apr 2022

There is also the cryptofuzz
What are some real-world security issues in cryptography?
3 projects | /r/cryptography | 6 Mar 2022
The biggest source of vulnerabilities in cryptographic libraries is memory safety bugs, not cryptography bugs
3 projects | /r/rust | 27 Feb 2022

2) There's a popular fuzzing technique, called "differential fuzzing" that works especially well for cryptographic libraries. The idea is to have the fuzzer look for both memory safety issues (like buffer overflows, even if they're too small to cause a crash AddressSaniziter can detect) and actual logic bugs in the cryptography implementation (e.g. the output of one implementation not matching the output of another, given the same state/inputs).
You Shouldn't Roll Your Own Crypto: An Empirical Study
1 project | news.ycombinator.com | 25 Jul 2021

I understand that they base their research on CVE data because it offers normalized quantifiers of severity and scope, but in my experience vendors by and large don't bother with CVE's for API bugs even when the affected primitive is clearly malfunctioning (memory or correctness issues).
I've been deeply fuzzing cryptographic libraries for a few years and found about 130 bugs [1]. The vast majority of these did not receive a CVE. Now some of these are merely theoretical, others will only manifest under particular circumstances like specific calling sequences, others were caught in the development phase before landing in stable releases, but a number of them are outright vulnerabilities. The usefulness of CVE incidence is questionable when it is so strongly influenced by the vendor's propensity for reporting these.
[1] https://github.com/guidovranken/cryptofuzz#bugs-found-by-cry...
What Is Fuzz Testing?
5 projects | news.ycombinator.com | 7 Apr 2021

[1]: https://guidovranken.com/2019/05/14/differential-fuzzing-of-...
Cyber Security; Beginner Roadmap
1 project | news.ycombinator.com | 17 Jan 2021

I don't have any certs (apart from malformed X509 files..) so I can't speak of their effectiveness. What has worked for me is having a strong presence in open source. I just show people one of my projects like [1] and nobody asks about certs or education, ever. I spend most of my free time on these projects so cultivating a sizeable project might not be a suitable route for anyone who has a life outside of computers, though having some kind of publicly available utility where a prospective employer can check out your coding style and skills is probably a decent way to stand out amidst a sea of applicants.
[1] https://github.com/guidovranken/cryptofuzz
A note from our sponsor - WorkOS
workos.com | 26 Apr 2024

The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →