Explore common cryptography pitfalls and learn effective techniques to enhance system security in this 46-minute conference talk from LASCON 2016. Discover why implementing cryptography and security measures often falls short, leading to vulnerabilities in seemingly secure systems. Examine outdated primitives and subtle flaws that compromise security. Gain insights into tools and methods for addressing these challenges. Delve into topics such as modern cryptography, random number generators, hash functions, ciphers, authentication, TLS, SSH trust models, and the impact of quantum computing on security. Learn to identify and avoid critical mistakes in areas like checksums, length extension attacks, cipher modes, and certificate chain verification. Understand the importance of proper SSL configuration and library choices. Equip yourself with knowledge to build truly secure systems and restore confidence in your cryptographic implementations.
Overview
Syllabus
Intro
Chicago
Braintree
Modern Cryptography
Random Number Generators
Debian
Sony Playstation
Hash Functions
checksum vs signature
length extension attacks
SHA256
Hash function
Ciphers
AES
ECB Mode
Authentication
TLS
Not verifying the certificate chain
Protocol dependent
misconfigured server settings
new toplevel domains
SSL configuration generator
Broken library
Verify connection
SSH trust model
What organizations do we trust
Quantum computers
Google
Stanford
Monosano
Questions
authenticating
Taught by
LASCON
