From Implementing and Exploiting Cryptography by Bill Cox and Kamran Khan

Implementing and Exploiting Cryptography details dozens of practical cryptographic implementations and then breaks down the flaws that adversaries use to exploit them.


Cryptography has recently been thrust into the limelight thanks to cryptocurrencies, but it has been around for far longer than that. It protects everything we do in the digital world and is the last and most reliable line of defense for our data. Despite its significance and success, cryptography is anything but infallible. While the theoretical foundations of this field of knowledge are pretty sturdy, the practical applications seem almost doomed to eventually run afoul of one implementation mistake or another.

Cryptography is not new; at its core, it is driven by mathematical ideas that are sometimes hundreds of years old. There are dozens of books with excellent coverage of cryptographic theory and examples of how to implement that theory in academic settings.

Getting cryptography right is paramount for ensuring digital security in the modern world. The mathematical ideas and theory behind cryptography are quite hard to break, while the implementations (transforming mathematical ideas to reality via engineering processes, e.g. programming code and designing hardware) have orders of magnitude more vulnerabilities that are much easier to exploit. For these reasons, malicious actors regularly target flaws in implementations to “break” crypto. We wanted to capture these attacks with an organized approach so that engineers working in information security can use this book to build an elementary intuition for how cryptographic engineering usually falls prey to adversaries.

A good understanding of how physical locks work, for example, can be obtained by learning how to pick locks. That’s essentially what this book is about. While many books explain how cryptography is implemented (akin to how locks are made), this book builds an understanding of cryptography by looking at how cryptographic locks are usually picked. Most cryptographic code is broken via vulnerabilities in implementation as opposed to weaknesses in mathematical theory.

Most books about cryptography advise against relying on your cryptographic implementations. This book is going to do the same! The difference, however, is that this book covers how cryptography is implemented in the real world and how it has been broken time and again. These ideas and practices are interspersed throughout presentations, blog posts, research papers, specialized documents, and vulnerability reports. This book aims to capture the intricacies, pitfalls, and hard-learned lessons from these resources and present them in an organized manner.

What will you learn in this book?

This book will teach you how popular cryptographic algorithms are implemented in practice and how they are usually broken. The reader can use this information as an introduction to cryptography but we are not going to cover the underlying theory behind those algorithms.

We will be using the Go programming language for most of the coding examples in this book. Go is a simple language that is well-suited for rapid prototyping and teaching engineering concepts. Code listings and exercise solutions are available publicly at the GitHub repository at https://github.com/krkhan/crypto-impl-exploit.

There are good reasons for why most people should not implement their cryptography in production code (i.e. code that business outcomes rely on). Cryptographic implementations are extremely hard to get right. Therefore, when choosing how to leverage cryptography, the better engineering decision is to rely on existing implementations that are widely used and thoroughly tested. For example, OpenSSL is a popular cryptographic engine that has had its fair share of bugs over the years but is a safe choice because of the large number of huge enterprises and governments that rely on it for security. It is in the combined vested interests of all those entities that bugs in OpenSSL be discovered and fixed as soon as possible.

The general principle in security engineering is to hedge your bets with the broader community and big players. For example, instead of writing your cryptographic protocol (and associated code) for message encryption, you should rely on TLS (Transport Layer Security) and specifically on versions and algorithms of TLS recommended for a good security posture.

Therefore, for most businesses and organizations, the recommended security design involves following the best engineering practices and using existing cryptographic solutions the right way, which in itself is a significant challenge on its own (e.g. you can certainly end up using the right cryptographic fundamentals while overlooking some weaknesses caused by complexities of their interactions).

Building an intuition for how security designs are weakened by flaws in cryptographic implementations is not straightforward. This book aims to help the reader start grokking the general attack principles and some common scenarios in which those principles are applied.

This understanding can help you in a few different areas, such as:

  • If you are going to be working on implementing cryptography, possibly at one of the large enterprises, and how to avoid common pitfalls.
  • How to perform code reviews and assess the security posture of existing implementations.
  • When security vulnerabilities get discovered and published about existing cryptographic software, how to assess the implications and reason for those bugs substantively?

li>If you do need to implement cryptography for something that isn’t widely used as yet, e.g. cryptographic elections, or leverage cryptography for improving privacy in machine learning algorithms, and how to follow the best practices for writing secure code.

None of this will preempt the need for getting your code reviewed by as many experts as possible. You cannot point to any cryptographic implementation and claim that it is secure. The best you can do is to have as many people try to break it as possible and then fix the bugs as fast as possible to build confidence in the codebase. Linus Torvalds (the creator of the Linux operating system) once famously quipped, “given enough eyeballs, all bugs are shallow”. For cryptographic code that is both a curse and a blessing. When bugs are found in cryptographic code they produce vulnerabilities. On the other hand, when you have enough eyeballs you approach the tail-end of remaining bugs as they become harder to find and the code in question becomes reasonably safe. This book aims to assist in the training of those eyeballs.

If you want to learn more, check out the book here.