| |||||||||||||
an example of why unit tests help with securityan example of why unit tests help with securityPosted Jun 23, 2011 17:55 UTC (Thu) by zooko (subscriber, #2589)Parent article: A hole in crypt_blowfish
There's a bit of folklore in the security community that "You can't write a unit test for security.". While this is technically true in an absolute sense, it is often false in practice. I've been seeing quite a few security flaws which *would* have been caught by a standard unit test (e.g. the tarsnap flaw). This is another one of those. This flaw was, in fact, caught by a unit test. Too bad instead of "test first development" we have here "test thirteen years later". :-)
(Log in to post comments)
an example of why unit tests help with security Posted Jun 23, 2011 20:52 UTC (Thu) by solardiz (guest, #35993) [Link]
You're right. But I have something to add:
There were unit tests. crypt_blowfish had "make check" and even "make check_threads" (for thread-safety testing) for years. It's just that its test vectors were limited to more typical passwords, without 8-bit characters in them. The only somewhat unusual test vectors were an empty string and a 72-character string (maximum supported by this hashing method). The rest were more typical for passwords. And no 8-bit chars in any of them.
Similarly, John the Ripper tested its bcrypt implementation each time it was run on hashes of this type. And it used the same limited set of test vectors.
Both have now been corrected to include 8-bit test vectors, and crypt_blowfish to do a quick self-test every time it's called to hash a password.
BTW, I think the same lack of 8-bit test vectors applies to SHA-crypt. Anyone wants to fix that?
an example of why unit tests help with security Posted Jun 24, 2011 8:17 UTC (Fri) by tialaramex (subscriber, #21167) [Link]
"I think the same lack of 8-bit test vectors applies to SHA-crypt"
That's the first thing I worried about when I saw this bug reported.
|
|||||||||||||