SAS

Abstract

In theory, we understand how to provide security through cryptography, yet too often practice does not live up to this promise. In standards, cryptographic imperatives compete with other pragmatic needs. This work seeks to understand those non-cryptographic needs and shed light on how they impact cryptographic security. We survey security failures in cryptographic standards and implementations, and analyze common problems. For standards, we consider the example of problems with authentication and the slow but steady adoption of authenticated encryption. For implementations, we review reported vulnerabilities and assess typical misuses and failure modes. Lastly, we suggest some ways that the research and standards communities can collaborate.