Dazed and Confused: What’s Wrong with Crypto Libraries? — Conclusions

cover
15 Jun 2024

Authors:

(1) Mohammadreza Hazhirpasand, University of Bern, Bern, Switzerland;

(2) Oscar Nierstrasz, University of Bern, Bern, Switzerland;

(3) Mohammad Ghafari, University of Auckland, Auckland, New Zealand.

VI. CONCLUSIONS

There have been numerous studies to investigate why crypto APIs are hard to use for developers. Such studies examined the issues from the developer’s point of view as well as the usability of crypto APIs. We were curious to observe what technical problems are common among different crypto libraries. We selected 25 discussions from 20 crypto libraries on Stack Overflow and to the best of our knowledge, we did not find any study in which 20 crypto libraries were considered. We identified 10 themes in the discussions and the majority of libraries were involved in more than five themes. There exist 0.04% of questions concerning attacks against cryptography, whereas 112 questions were related to encryption/decryption issues. The developers also asked questions mostly about library installation, digital certificates, crypto keys, and library interoperability. The implications of these findings can assist security and software professionals to correctly guide their team members when dealing with cryptography, and especially crypto libraries. Further work is certainly required to disentangle the problematic commonalities among various crypto libraries.

This paper is available on arxiv under CC BY 4.0 DEED license.