Completed
Uses Obsolete Crypto Primitives
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
How to Implement Crypto Poorly
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Who am I?
- 3 Don't roll your own crypto!
- 4 What's single sign-on?
- 5 What's custom single sign-on?
- 6 I found this emergency fix
- 7 The Freshdesk Flaw
- 8 The Custom Single Sign-on Survey
- 9 Basic Stats
- 10 No HMAC: Length Extension Attacks
- 11 No HMAC: Preimage Attacks
- 12 HMAC: Explained
- 13 What percent actually used an HMAC?
- 14 Uses Obsolete Crypto Primitives
- 15 What percent used a best practice cipher? Best Practice Cipher
- 16 Short Keys
- 17 Java getBytes
- 18 Let's do the math
- 19 What percent made that silly error?
- 20 Replay Attacks
- 21 What percent kept their hash the same each time?
- 22 Static Initialization Vector
- 23 What percent used a static IV?
- 24 One implementation wrote their own cipher!
- 25 What went wrong?
- 26 Implications for the application
- 27 Should you roll your own crypto?
- 28 Overall Results
- 29 Vendor Response
- 30 Custom SSO: The Right Way
- 31 Dumb ideas for your crypto
- 32 Why did these companies make these mistakes?
- 33 Cryptography is different
- 34 Cryptography is awesome!
- 35 Resources for learning cryptography
