The fuzzy tale of an x/crypto vulnerability

8a33421d2bcd8a9924c8a516619c2731?s=47 Michael McLoughlin
July 27, 2019
Programming
1
490

The fuzzy tale of an x/crypto vulnerability

On March 20, 2019, the Go team released a patch for a security vulnerability in x/crypto/salsa20. This talk will regale you with the full story from discovery by differential fuzzing, via low-level assembly root cause analysis to the contentious disclosure process.

Along the way we’ll explore testing practices for security-critical software, in particular the use of go-fuzz to check compatibility with reference implementations. Ultimately we’ll see how even the most subtle of mistakes in assembly code can have catastrophic implications.

8a33421d2bcd8a9924c8a516619c2731?s=128

Michael McLoughlin

July 27, 2019
Tweet

Want more?

8a33421d2bcd8a9924c8a516619c2731?s=48 Jul 25, 2019
3
530
8a33421d2bcd8a9924c8a516619c2731?s=48 Mar 25, 2019
2
3.9k
8a33421d2bcd8a9924c8a516619c2731?s=48 Aug 30, 2018
2
210
3d4519fd34b76fb265fc0237f3792bd4?s=48 Mar 17, 2019
134
14k
A9b18bbab50a3afb80222c0a85e710d0?s=48 Feb 12, 2019
133
10k
2f5463832ccb768ccb4a1ca3607c27ef?s=48 Feb 23, 2019
178
14k
D67fff74178013024d833b3eec6cf27f?s=48 Oct 7, 2018
226
13k
48c098b6579220a67a6ba949be6e4b5a?s=48 Nov 13, 2018
177
7.8k
C7393b7ba7ec9c8890dd77d209fbb3c9?s=48 Jul 20, 2018
468
33k
7c8469ee8c9e594c65c59b919626c08d?s=48 Jun 14, 2018
237
9.8k
1177e050db6bafe62885362edf6e3537?s=48 Jun 19, 2018
402
24k
9952dfcd5d338f8a8e7175c8a8f65fb5?s=48 Jun 18, 2018
309
13k