Full Report
Cryptography feels like black magic. When auditing code at QuarksLab, there are many little things that they report but don't just kill the security of the implementation immediately. In this article, they explain the little things and why they're still important to fix. Not standard means that something out of the ordinary is being done. For instance, using a untested/less used primitive like a MARs cipher. Although they may not pose a threat at the moment, things that are not battle tested may have unexpected issues. Non-standard usage is using a primitive in a weird/wrong way. An common example of this is using a bad random number generator. Or, generating an IV via a key generation function. Next, they talk about things that are Low security, still technically secure. These are things that have no impact at the moment but may in the future or if changes are made. An example of this is using RSA keys that are smaller than the maximum amount that has been currently factored or using a non-standard amount of iterations (200 vs 210 for instance). The most interesting to me was safety net saves all. This is where there is a vulnerability in part of the implementation but some feature, intended or unintended, or use case saves the day. This is akin to having multiple walls that are low security. I've seen the safety net saves all on multiple occasions but absolutely hate it. A section of code may be secure given the current use case but insecure in another. Down the road, the developers may use it in the insecure way, forgetting what was said about it. At the end, they mention that some clients have asked them to change the attacker model to make the system feel more secure. For instance, if the server in the middle was fully trusted, using a third party solution or a plain rewrite. Overall, a good post on minimal impact issues and how to talk about them with clients.
Analysis Summary
# Best Practices: Standardizing Cryptographic Implementations
## Overview
These practices address "low-impact" or "informational" cryptographic vulnerabilities that, while not immediately exploitable, represent deviations from the state of the art. The goal is to move implementations from "technically secure for now" to "resilient by design," preventing future compromises caused by evolving attacker capabilities or "safety net" failures.
## Key Recommendations
### Immediate Actions
1. **Inventory Primitives:** Audit all cryptographic primitives (ciphers, hash functions, RNGs) to identify non-standard or "exotic" choices (e.g., MARS, RC5).
2. **Verify IV/Nonce Generation:** Ensure Initialization Vectors (IVs) are generated using a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) rather than Key Derivation Functions (KDFs) or static counters.
3. **Update Parameters:** Immediately increase RSA key sizes to at least 3072 bits and ensure ECC curves meet current NIST or ANSSI standards.
### Short-term Improvements (1-3 months)
1. **Standardize Usage:** Refactor code to eliminate "weird" usage of primitives (e.g., using a hash function where a MAC is required).
2. **Eliminate "Safety Net" Dependencies:** Identify code sections that are only secure because of an external constraint (e.g., a specific buffer size or a trusted middle-box) and harden the crypto to be "secure by itself."
3. **Audit Randomness:** Replace system-default or weak random number generators with standard-compliant CSPRNGs across all modules.
### Long-term Strategy (3+ months)
1. **Crypto-Agility Framework:** Implement a layer that allows for the seamless swapping of primitives (e.g., moving to Post-Quantum Cryptography) without rewriting core logic.
2. **Continuous Benchmarking:** Establish a lifecycle to monitor cryptographic benchmarks and state agency recommendations (NIST, ANSSI, BSI) to stay ahead of deprecation cycles.
3. **Education & Culture:** Shift the internal "attacker model" away from trusting intermediaries (e.g., servers) toward a Zero-Trust/End-to-End Encrypted model.
## Implementation Guidance
### For Small Organizations
- **Stick to Defaults:** Use high-level, well-vetted libraries (like Libsodium or Nacl) rather than rolling custom implementations or choosing low-level primitives.
- **Focus on Compliance:** Follow "off-the-shelf" checklists from major standards to avoid the need for deep mathematical audits.
### For Medium Organizations
- **External Audits:** Conduct regular third-party audits. Treat "Informational" and "Low" findings as technical debt that must be cleared to prevent future "safety net" failures.
- **Policy Enforcement:** Create a restricted internal library of "approved" cryptographic wrappers for developers to use.
### For Large Enterprises
- **Dedicated Crypto-Team:** Employ specialists to monitor the "Language of Mordor" (academic updates) and translate them into actionable dev tickets.
- **Protocol Analysis:** Use formal verification or specialized tools to ensure that complex protocols do not rely on accidental safety nets.
## Configuration Examples
- **RSA:** Shift from 2048-bit to **3072-bit or 4096-bit**.
- **Hashing/KDF:** Ensure PBKDF2 iteration counts meet or exceed current OWASP/NIST recommendations (e.g., **600,000 for SHA-256**).
- **Ciphers:** Prefer **AES-GCM or ChaCha20-Poly1305** for authenticated encryption over simple AES-CBC.
## Compliance Alignment
- **NIST SP 800-57:** Recommendation for Key Management.
- **FIPS 140-3:** Security Requirements for Cryptographic Modules.
- **ANSSI:** French National Agency for the Security of Information Systems (often cited by Quarkslab for rigorous standards).
- **ISO/IEC 19790:** Security requirements for cryptographic modules.
## Common Pitfalls to Avoid
- **The "Safety Net" Fallacy:** Assuming a vulnerability doesn't matter because "the attacker can't reach that part of the code anyway."
- **Custom Cryptography:** Using "non-standard" tweaks to ciphers thinking obscurity adds security.
- **Trusting the Server:** Operating under an attacker model where the middle-man or server is inherently trusted, which negates the purpose of many cryptographic protections.
## Resources
- **Keylength[.]com:** (Use as a baseline, though verify with modern NIST/ANSSI docs).
- **Quarkslab Blog:** Deep dives into specific implementation flaws.
- **"Analysing Cryptography in the Wild" (Albrecht & Paterson):** Academic perspective on real-world crypto failures.
- **OWASP Cryptographic Storage Cheat Sheet:** Practical implementation guide.