Developers' crypto design choices

At CCS last week, an interesting paper was presented looking at crypto choices made by Android developers across a sample of around 12,000 apps.   
<http://www.cs.ucsb.edu/~chris/research/doc/ccs13_cryptolint.pdf>

Of those apps, 88% made bad crypto design decisions from the following list (selected by the authors):  

1. Using ECB (because it’s the BouncyCastle default)
2. Using a constant symmetric key
3. Using ECB (by choice)  
4. Using a constant IV
5. Using <1000 iterations for PBKDF
6. Seeding PRNG with a static value
7. Using static salt for PBKDF

It seems worth observing that providing safe parameters by default (IVs, salt, iterations) and providing recommended default algorithms (not ECB) would have prevented literally thousands of apps from having vulnerabilities in their use of cryptography.

I’m seriously not trying to re-open the issue of auto-generation (beyond ISSUE-44).  But it does seem like these results sort of undermine the claim that this API will only be used by “experienced cryptographers”.

—Richard  

Received on Thursday, 14 November 2013 09:28:32 UTC
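
An added example, not part of the original message or the paper's code: a Python sketch of the "safe parameters by default" idea from the message, applied to items 5 and 7 of the list. The function names, record format, default iteration count and salt length are assumptions; only the 1000-iteration floor comes from the list.

```python
import hashlib
import hmac
import os

MIN_ITERATIONS = 1000         # floor taken from item 5 of the list above
DEFAULT_ITERATIONS = 600_000  # assumed default for this sketch, not from the paper
SALT_LEN = 16                 # assumed salt length in bytes
KEY_LEN = 32                  # assumed derived-key length in bytes


def derive_key(password: bytes, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Derive a key. The salt is always generated here, never passed in,
    so a caller cannot supply a static one (item 7)."""
    if iterations < MIN_ITERATIONS:
        raise ValueError(f"iterations {iterations} below floor {MIN_ITERATIONS}")
    salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, KEY_LEN)
    # Parameters travel with the output so nobody has to hard-code them.
    return f"pbkdf2-sha256${iterations}${salt.hex()}${key.hex()}"


def verify(password: bytes, record: str) -> bool:
    """Recompute from a stored record, refusing records with weak parameters."""
    scheme, iter_s, salt_hex, key_hex = record.split("$")
    iterations = int(iter_s)
    salt = bytes.fromhex(salt_hex)
    key = bytes.fromhex(key_hex)
    if scheme != "pbkdf2-sha256":
        raise ValueError("unsupported scheme")
    if iterations < MIN_ITERATIONS or len(salt) < SALT_LEN:
        raise ValueError("record uses weak parameters")
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, len(key))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    # Constructed sample password; two derivations never share a salt.
    first = derive_key(b"correct horse", iterations=MIN_ITERATIONS)
    second = derive_key(b"correct horse", iterations=MIN_ITERATIONS)
    print(first != second, verify(b"correct horse", first))
```
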