How Usable are Rust Cryptography APIs?

by   Kai Mindermann, et al.

Context: Poor usability of cryptographic APIs is a severe source of vulnerabilities. Aim: We wanted to find out what kind of cryptographic libraries are present in Rust and how usable they are. Method: We explored Rust's cryptographic libraries through a systematic search, conducted an exploratory study on the major libraries and a controlled experiment on two of these libraries with 28 student participants. Results: Only half of the major libraries explicitly focus on usability and misuse resistance, which is reflected in their current APIs. We found that participants were more successful using rust-crypto which we considered less usable than ring before the experiment. Conclusion: We discuss API design insights and make recommendations for the design of crypto libraries in Rust regarding the detail and structure of the documentation, higher-level APIs as wrappers for the existing low-level libraries, and selected, good-quality example code to improve the emerging cryptographic libraries of Rust.



There are no comments yet.


page 1

page 2

page 3

page 4


You Really Shouldn't Roll Your Own Crypto: An Empirical Study of Vulnerabilities in Cryptographic Libraries

The security of the Internet rests on a small number of open-source cryp...

Zero-cost meta-programmed stateful functors in F*

Writing code is hard; proving it correct is even harder. As the scale of...

Fluid Intelligence Doesn't Matter! Effects of Code Examples on the Usability of Crypto APIs

Context: Programmers frequently look for the code of previously solved p...

Don't forget your classics: Systematizing 45 years of Ancestry for Security API Usability Recommendations

Producing secure software is challenging. The poor usability of security...

Dazed and Confused: What's Wrong with Crypto Libraries?

Recent studies have shown that developers have difficulties in using cry...

The Unix KISS: A Case Study

In this paper we show that the initial philosophy used in designing and ...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.