Code examples and slides for the talk: "Crypto Fails and How to Tackle Them in Go" at go get -u community conference in May 2020.
$ go run main.go aes
$ go run main.go random
You can find the template usage in the corresponding go-file in the cmd package, e.g., cmd/aes.go to see the example to encrypt and decrypt a message.
-
Check out the cryptopasta repo by George Tankersley
-
The Gopher slack has a crypto channel which provides further information
-
Gosec can check for some crypto misuses like a usage of MD5.
-
Egele, M., Brumley, D., Fratantonio, Y., & Kruegel, C. (2013, November). An empirical study of cryptographic misuse in android applications. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (pp. 73-84). Paper
-
Krüger, S., Späth, J., Ali, K., Bodden, E., & Mezini, M. (2019). Crysl: An extensible approach to validating the correct usage of cryptographic apis. IEEE Transactions on Software Engineering. Paper
-
Veracode report: "The State of Software Security Today". Wepage