Overview
Explore common cryptographic mistakes and learn how to exploit them in this 54-minute conference talk. Dive into topics such as exclusive OR (XOR), randomness, one-time pads, stream ciphers, block ciphers, and various encryption modes. Understand the importance of proper padding, integrity checks, and authenticated encryption. Gain insights into the differences between hashing and key derivation functions. Walk away with practical knowledge on cryptographic vulnerabilities and recommendations for secure implementation.
Syllabus
Intro
Why this talk • Cryptography: HARD
whoami • Past: software development
General recommendations
Common mistakes
Exclusive OR (XOR)
Randomness
One time pad (OTP)
One time? But why?
Stream cipher (more practical OTP)
Block cipher primitive
Electronic code block (ECB)
Cipher block chaining (CBC)
CBC decryption
Padding (for block ciphers)
What about integrity?
Bit flipping (stream cipher)
Bit flipping (block cipher, CBC mode)
Authenticated encryption
Hash vs KDF
Takeaways
Further learning
Taught by
OWASP Foundation