Completed
What's single sign-on?
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
How to Implement Crypto Poorly
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Who am I?
- 3 Don't roll your own crypto!
- 4 What's single sign-on?
- 5 What's custom single sign-on?
- 6 I found this emergency fix
- 7 The Freshdesk Flaw
- 8 The Custom Single Sign-on Survey
- 9 Basic Stats
- 10 No HMAC: Length Extension Attacks
- 11 No HMAC: Preimage Attacks
- 12 HMAC: Explained
- 13 What percent actually used an HMAC?
- 14 Uses Obsolete Crypto Primitives
- 15 What percent used a best practice cipher? Best Practice Cipher
- 16 Short Keys
- 17 Java getBytes
- 18 Let's do the math
- 19 What percent made that silly error?
- 20 Replay Attacks
- 21 What percent kept their hash the same each time?
- 22 Static Initialization Vector
- 23 What percent used a static IV?
- 24 One implementation wrote their own cipher!
- 25 What went wrong?
- 26 Implications for the application
- 27 Should you roll your own crypto?
- 28 Overall Results
- 29 Vendor Response
- 30 Custom SSO: The Right Way
- 31 Dumb ideas for your crypto
- 32 Why did these companies make these mistakes?
- 33 Cryptography is different
- 34 Cryptography is awesome!
- 35 Resources for learning cryptography