Biting into the Forbidden Fruit

BruCON Security Conference via YouTube

Overview

Explore the controversial world of JavaScript cryptography in this thought-provoking conference talk from BruCON 0x06. Delve into the history of JS crypto, examine its perceived flaws, and challenge the notion that it's inherently insecure. Discover real-world examples of high-profile crypto libraries, applications, and systems tested for vulnerabilities. Compare JavaScript cryptography to established implementations like OpenSSL, BouncyCastle, and GnuPG. Analyze various security aspects, including XSS, man-in-the-middle attacks, PRNGs, and timing side-channels. Gain insights into language-specific issues, browser quirks, and platform-related challenges. Leave with a comprehensive, updated, and opinionated view on the state of JavaScript cryptography, equipped to question long-held beliefs and make informed decisions about its use in modern web applications.

Syllabus

Intro
About me
JS crypto history
Doomed to fail?
Action plan
Language issues matter
Javascript in a glance
Bit quirks
Magic properties
Silent errors
16 snowmen attack!
AES - SubBytes
Encrypting...
Implicit type coercion
Decrypting...
Web platform
XSS
Poor randomness
Timing side-channels
Compiler optimisation
Direct memory access
Browser extension

Taught by

BruCON Security Conference
