Don’t waste time on learning cryptography: better use it properly

vixentael
December 02, 2017


#crypto #security #trust

Presented at OWASP Winter 2017, Kyiv, Ukraine and at DevExperience18 in Iasi, Romania.

1. The typical engineering workflow ("we should protect the data, what shall we do?") and possible mistakes.
2. What "boring crypto" is, and what we want from using crypto products.
3. Possible solutions: HSM / TPM / software crypto.
4. How to select appropriate software crypto: libs, systems, containers.
5. We want crypto to be similar to the Edison lamp: a controllable and boring system.




Crypto in our lives: why you shouldn’t spend time learning all the details of crypto algorithms. Typical mistakes you make when using crypto in your products. How to avoid late-night commits and code 'fast and boring' instead.


Links to follow:

Boring crypto, Daniel J. Bernstein

Why does cryptographic software fail?

API design for cryptography

Encrypting strings in Android: Let’s make better mistakes

Awesome crypto papers

12 And 1 Ideas How To Enhance Backend Data Security

Attestation and Trusted Computing


