Articles by Julio Loayza Meneses
4 articles
The OSTIF collaborated with Quarkslab to conduct a security audit of Paramiko, a pure-Python implementation of SSHv2 that provides both client- and server-side functionality. Given the sensitivity and importance of the target, the review focused not only on Paramiko itself but also on its dependencies. The assessment covered its interaction with rust-openssl bindings, the use of secure entropy sources, adherence to constant-time requirements, as well as code quality, testing practices, and the CI/CD pipeline, with the goal of identifying opportunities for further hardening.
Authors Angèle Bossuat, Julio Loayza Meneses, Mihail Kirov, Sébastien Rolland, Ramtine Tofighi Shirazi
Category Software
The Open Source Technology Improvement Fund, Inc, thanks to funding provided by Sovereign Tech Fund, engaged with Quarkslab to perform a security audit of PHP-SRC, the interpreter of the PHP language.
Authors Célian Glénaz, Dahmun Goudarzi, Julio Loayza Meneses
Category Cryptography
Following the introduction of crypto-condor and differential fuzzing in earlier blog posts, we showcase a use case where Quarkslab's automated test suite for cryptographic implementations allowed us to improve the reference implementation of the recently standardized HQC scheme.
In this blog post we present crypto-condor, an open-source test suite for compliance testing of implementations of cryptographic primitives.