The fuzzy tale of an x/crypto vulnerability

8a33421d2bcd8a9924c8a516619c2731?s=47 Michael McLoughlin
July 27, 2019
Programming
1
530

The fuzzy tale of an x/crypto vulnerability

On March 20, 2019, the Go team released a patch for a security vulnerability in x/crypto/salsa20. This talk will regale you with the full story from discovery by differential fuzzing, via low-level assembly root cause analysis to the contentious disclosure process.

Along the way we’ll explore testing practices for security-critical software, in particular the use of go-fuzz to check compatibility with reference implementations. Ultimately we’ll see how even the most subtle of mistakes in assembly code can have catastrophic implications.

8a33421d2bcd8a9924c8a516619c2731?s=128

Michael McLoughlin

July 27, 2019
Tweet

Want more?

8a33421d2bcd8a9924c8a516619c2731?s=48 Jul 25, 2019
3
580
8a33421d2bcd8a9924c8a516619c2731?s=48 Mar 25, 2019
2
4k
8a33421d2bcd8a9924c8a516619c2731?s=48 Aug 30, 2018
2
230
C44e1f7e22c3f23cff7bc130871047ef?s=48 Apr 30, 2019
25
13k
B47b288784fda77a94aeb234ca743c24?s=48 Nov 18, 2019
24
2k
32de0bd2ba869609d26fd052a4622778?s=48 Oct 1, 2019
25
1.4k
2bb923c57a1fdc3a2eb484bb8d565fd2?s=48 Nov 19, 2019
19
1.8k
F29327647a9cff5c69618bae420792ea?s=48 Nov 20, 2019
19
1.1k
170b760e0147792d0140e59ec78e9893?s=48 Nov 15, 2019
34
2.7k
95d9f37115fbb0d13135d0f77132f856?s=48 Nov 13, 2019
34
3.8k
C0b42577cfc2b321be3474618107e933?s=48 Nov 8, 2019
15
2.2k
3d4519fd34b76fb265fc0237f3792bd4?s=48 Mar 17, 2019
160
17k