paint-brush
Dazed and Confused: What’s Wrong with Crypto Libraries? — Conclusionsby@cryptocolumns
122 reads

Dazed and Confused: What’s Wrong with Crypto Libraries? — Conclusions

by CryptoColumnsJune 15th, 2024
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

In this paper, researchers look into the types of problems that exist in various crypto libraries.
featured image - Dazed and Confused: What’s Wrong with Crypto
Libraries? — Conclusions
CryptoColumns HackerNoon profile picture

Authors:

(1) Mohammadreza Hazhirpasand, University of Bern, Bern, Switzerland;

(2) Oscar Nierstrasz, University of Bern, Bern, Switzerland;

(3) Mohammad Ghafari, University of Auckland, Auckland, New Zealand.

VI. CONCLUSIONS

There have been numerous studies to investigate why crypto APIs are hard to use for developers. Such studies examined the issues from the developer’s point of view as well as the usability of crypto APIs. We were curious to observe what technical problems are common among different crypto libraries. We selected 25 discussions from 20 crypto libraries on Stack Overflow and to the best of our knowledge, we did not find any study in which 20 crypto libraries were considered. We identified 10 themes in the discussions and the majority of libraries were involved in more than five themes. There exist 0.04% of questions concerning attacks against cryptography, whereas 112 questions were related to encryption/decryption issues. The developers also asked questions mostly about library installation, digital certificates, crypto keys, and library interoperability. The implications of these findings can assist security and software professionals to correctly guide their team members when dealing with cryptography, and especially crypto libraries. Further work is certainly required to disentangle the problematic commonalities among various crypto libraries.


This paper is available on arxiv under CC BY 4.0 DEED license.