Hurdles for Developers in Cryptography
This identifies critical usability issues in cryptography for software developers, which is incremental as it builds on prior research about developer difficulties.
The study analyzed 91,954 cryptography-related Stack Overflow questions and found that developers struggle due to a lack of fundamental knowledge or poor usability of crypto libraries, hindering correct implementation of cryptographic scenarios.
Prior research has shown that cryptography is hard to use for developers. We aim to understand what cryptography issues developers face in practice. We clustered 91954 cryptography-related questions on the Stack Overflow website, and manually analyzed a significant sample (i.e., 383) of the questions to comprehend the crypto challenges developers commonly face in this domain. We found that either developers have a distinct lack of knowledge in understanding the fundamental concepts, \eg OpenSSL, public-key cryptography or password hashing, or the usability of crypto libraries undermined developer performance to correctly realize a crypto scenario. This is alarming and indicates the need for dedicated research to improve the design of crypto APIs.