Overview
Syllabus
Intro
What will they talk about?
• Quick primer on cryptography, encryption, and key management
• Issues with current at-rest data encryption approaches
A02:2021 - Cryptographic Failures
Cryptography
• Cryptography was practiced for millennia before the invention of computers
• One of the original and fundamental mechanisms for computer security
Cryptographic Attacks
• Modern cryptography is exceptionally strong against direct attacks
Problem - Keys
Two Predominant Use Cases for Encryption
The Central Implicit Trust Model
So, what's the problem with that?
Two Real-world Examples Security Incident
Better Approach
Example - Medical Records System
• Only a subset of data values and attachments are to be protected
Column-Level Encryption
Application-Level Encryption (ALE)
Parting Words of Crypto Advice
Taught by
OWASP Foundation