NCC Group, Chicago's Second Open Forum. Food (donuts and some other scrumptious food/drinks) will be provided.
Artem Dinaburg of Trail of Bits will be speaking on "Making a Scalable Automated Hacking System".
It'll be a shorter version of the talk he'll be presenting at Shakacon later next month, about Trail of Bits' Cyber Grand Challenge adventure.
Steve Thomas will be speaking on "Properly Storing Secrets in the Cloud".
Password KDFs, split keys, key files, and HSMs, oh my. Find out how to use "PAKE to HSM" to solve problems with storing keys in the cloud. It's more secure than storing a password-protected key file on your device while providing better UX. Assuming the hardware security module (HSM) does its job, you can only do online attacks. Online attacks can be limited with 2FA verified on the HSM.
David Wong of NCC Group's Cryptography Services team will be speaking on "How to backdoor Diffie-Hellman".
Lately, several backdoors in cryptographic constructions, protocols and implementations have been surfacing in the wild: Dual-EC in RSA's B-Safe product, a modified Dual-EC in Juniper's operating system ScreenOS, and a non-prime modulus in the open-source tool Socat. Many papers have already discussed the fragility of cryptographic constructions not using Nothing-Up-My-Sleeve numbers, as well as how such numbers can be safely picked. However, the question of how to introduce a backdoor in an already secure, safe and easy-to-audit implementation has so far rarely been researched (in public).
Hope to see you all there!