Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

Being Boring: A Survivor's Guide to Ruby Crypto...

tarcieri
November 10, 2013

Being Boring: A Survivor's Guide to Ruby Cryptography

We all know that security is hard, and that math is hard, but what happens when you put them together? Cryptography is an increasingly essential tool for building secure systems, but also a perilous minefield where any number of mistakes can lead to insecure systems.

This talk will take you step-by-step through the difficulties of building secure cryptosystems on top of Ruby's existing OpenSSL bindings and contrast that with RbNaCl, a next generation Ruby cryptography library specifically designed to be more mistake-proof and put cryptography "on Rails". Attendees will hopefully learn that the best approaches to cryptography rest in making systems simple, straightforward, and boring... in a good way.

Video: https://www.youtube.com/watch?v=e13irYP6WJA

tarcieri

November 10, 2013
Tweet

More Decks by tarcieri

Other Decks in Programming

Transcript

  1. “Most codes were designed by dilettantes and amateurs with no

    grasp of the underlying mathematics. It really is quite pitiable.” ! —Neal Stephenson, Cryptonomicon
  2. AES

  3. ECB MODE Key 16/24/32-bytes (Random) Plaintext ECB 16-byte block Ciphertext

    16-byte block Plaintext ECB 16-byte block Ciphertext 16-byte block Plaintext ECB 16-byte block Ciphertext 16-byte block Plaintext ECB 16-byte block Ciphertext 16-byte block
  4. CTR MODE Key 16/24/32-bytes (Random) Counter 1 AES Random Pad

    16-byte block Counter 2 AES Random Pad 16-byte block Counter 3 AES Random Pad 16-byte block Counter 4 AES Random Pad 16-byte block ⊕ ⊕ ⊕ ⊕ ⊕ Plaintext 16-byte block Plaintext 16-byte block Plaintext 16-byte block Plaintext 16-byte block Ciphertext 16-byte block Ciphertext 16-byte block Ciphertext 16-byte block Ciphertext 16-byte block Nonce 16-bytes (Random)
  5. RbNaCl Ruby binding to the Networking and Cryptography Library by

    djb https://github.com/cryptosphere/rbnacl