How to Implement Crypto Poorly

How to Implement Crypto Poorly

via YouTube Direct link

What percent kept their hash the same each time?

21 of 35

21 of 35

What percent kept their hash the same each time?

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

How to Implement Crypto Poorly

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Who am I?
  3. 3 Don't roll your own crypto!
  4. 4 What's single sign-on?
  5. 5 What's custom single sign-on?
  6. 6 I found this emergency fix
  7. 7 The Freshdesk Flaw
  8. 8 The Custom Single Sign-on Survey
  9. 9 Basic Stats
  10. 10 No HMAC: Length Extension Attacks
  11. 11 No HMAC: Preimage Attacks
  12. 12 HMAC: Explained
  13. 13 What percent actually used an HMAC?
  14. 14 Uses Obsolete Crypto Primitives
  15. 15 What percent used a best practice cipher? Best Practice Cipher
  16. 16 Short Keys
  17. 17 Java getBytes
  18. 18 Let's do the math
  19. 19 What percent made that silly error?
  20. 20 Replay Attacks
  21. 21 What percent kept their hash the same each time?
  22. 22 Static Initialization Vector
  23. 23 What percent used a static IV?
  24. 24 One implementation wrote their own cipher!
  25. 25 What went wrong?
  26. 26 Implications for the application
  27. 27 Should you roll your own crypto?
  28. 28 Overall Results
  29. 29 Vendor Response
  30. 30 Custom SSO: The Right Way
  31. 31 Dumb ideas for your crypto
  32. 32 Why did these companies make these mistakes?
  33. 33 Cryptography is different
  34. 34 Cryptography is awesome!
  35. 35 Resources for learning cryptography

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.