Explore common cryptographic vulnerabilities and exploitation techniques in this 42-minute conference talk from BSidesSF 2020. Delve into the challenges of implementing secure cryptography, examining real-world mistakes and their consequences. Learn about exclusive-or operations, randomness issues, and ransomware decryption. Discover the pitfalls of one-time pads, stream ciphers, and block ciphers. Investigate padding oracle attacks, bit flipping attacks, and authentication vulnerabilities. Gain practical insights through demonstrations and receive expert advice on improving cryptographic implementations. Conclude with a summary of key takeaways and resources for further learning in the field of cryptography security.
Overview
Syllabus
Introduction
Why Cryptography is Hard
General Recommendations
Mistakes
Exclusiveor
Randomness
Ransomware
Decrypter
Demo
Advice
Onetime Pad
XOR
Stream ciphers
Reusing keys
Block cipher
CBC mode
Padding
Parent Oracle
Oracle Attack
Bit flippant Attack
Bit flipping Attack
Authentication
Hash Functions
Summary
Further Learning
Taught by
Security BSides San Francisco
