10 Guidelines and common pitfalls for cryptographic implementations

This chapter covers

The importance of high-quality randomness
Padding implementation challenges
Side-channel attacks and constant-time implementations
The dangers of intermingling control flow and secret values
The importance of memory-safety and type-safety
Understanding vulnerabilities associated with a lack of atomicity

This is the last chapter in this book. The previous chapters covered how specific algorithms are used to achieve the goals of confidentiality, integrity and authenticity, and how attackers exploited certain weaknesses to circumvent those goals. In this chapter, we take a step back and examine a general view of what makes cryptographic implementations fail and the common approaches and best practices for avoiding those pitfalls.

10.1 A brief recap of attacks from previous chapters

Before we generalize the lessons, let’s revisit the vulnerabilities and attacks we have implemented over the course of this book.

10.1.1 Random number generators

10.1.2 Stream ciphers

10.1.3 Block ciphers

10.1.4 Hash functions

10.1.5 Message authentication codes

10.1.6 Asymmetric encryption

10.1.7 Digital signatures

10.2 One vulnerability to rule them all: Poor-quality randomness

10.3 Padding: Challenges with fitting things neatly

10.4 Constant-time implementations and timing attacks

10.4.1 Comparing data in constant time

10.4.2 Timing attacks and side-channel analysis

10.5 Control flow and secrets: A dangerous mix

Summary