Export or edit this event...

OWASP PDX - Yes, You Too Can Break Crypto: Exploiting Common Crypto Mistakes


Abstract Cryptography is tricky. Sure, everybody knows not to roll out their own crypto, but is it enough? Are the standard algorithms, libraries, and utilities always used the right way? This is of course a rhetorical question! Humans keep making mistakes that other humans can exploit, and Murphy’s law continues to prove true: “If there is a wrong way to do something, then someone will do it.” In this talk, not only will we discuss what can go wrong, but also how attackers could take advantage of that. Insufficient entropy? Static initialization vector? Key reuse in stream cipher? Lack of ciphertext integrity? We’ve heard these terms and may be familiar with them in theory, but let’s see actual examples of these and other crypto mistakes and corresponding exploits, and understand how they could lead to real life problems. Are you not on an offensive team and not interested in exploitation? Then this talk is for you too! Come and learn how to avoid common crypto mistakes in your code!

Bio Alexei began his career as a software developer. A decade later, he realized that breaking code was way more fun than writing code, and decided to switch direction. He is now a full-time application security professional, with several years of assisting various development teams in delivering secure code, as well as security consulting. He holds OSCP and CISSP, and currently works as a lead product security engineer for Salesforce.

RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/270404725/