Back to overview

Hurdles for Developers in Cryptography

Type of publication Peer-reviewed
Publikationsform Proceedings (peer-reviewed)
Author Hazhirpasand Mohammadreza, Nierstrasz Oscar, Shabani Mohammadhossein, Ghafari Mohammad,
Project Agile Software Assistance
Show all

Proceedings (peer-reviewed)

Page(s) 659 - 663
Title of proceedings 2021 IEEE International Conference on Software Maintenance and Evolution (ICSME)
DOI 10.1109/icsme52107.2021.00076

Open Access

Type of Open Access Repository (Green Open Access)


Prior research has shown that cryptography is hard to use for developers. We aim to understand what cryptography issues developers face in practice. We clustered 91 954 cryptography-related questions on the Stack Overflow website, and manually analyzed a significant sample (i.e., 383) of the questions to comprehend the crypto challenges developers commonly face in this domain. We found that either developers have a distinct lack of knowledge in understanding the fundamental concepts, e.g., OpenSSL, public-key cryptography or password hashing, or the usability of crypto libraries undermined developer performance to correctly realize a crypto scenario. This is alarming and indicates the need for dedicated research to improve the design of crypto APIs.