Today we use cryptography in almost everywhere. From surfing the web over https, to working remotely over ssh. In modern crypto we have all the building block to develop secure application. However, we see instances of insecure code everywhere. Most of these vulnerabilities are not because of theoretic shortcomings, but due to bad implementation or a flawed protocol design. Cryptography is a delicate art where nuances matter, and failure to comprehend the subtleties of these building blocks leads to critical vulnerabilities. To add insult to injury most of the resources available are either outdated or wrong, and inarguably, using bad crypto more dangerous than not using it. In this talk we look at examples from real world applications and the most common cryptographic pitfalls.
Amirali Sanatinia is a Computer Science PhD candidate at Northeastern and holds a Bachelors degree in CS from St Andrews University. His research focuses on security and privacy, and was covered by venues such as MIT Technology Review, Ars Technica, Threatpost, etc. He is a recipient of RSAC Security Scholar and CCIS Outstanding Research Award. He has presented at different security conferences such as DEF CON, Crypto Village, Virus Bulletin, BSides Boston, and PyCon.
Get promotions and special offers directly to your inbox.