Over the years, Ruby has become much more than just a programming language; it is also a platform for developing robust applications. However, security needs to be rethought, and cryptography must be something easy for humans. Most of the time we don't care which algorithms are ideal for encryption and which are not: SHA-256 or SHA-512, RSA or ECC, AES-128 or AES-256, padding schemes, number of iterations, key sizes, or whether these choices will prevent timing attacks. Developers need to keep an eye on many problems, and a single wrong line of code might introduce a new security vulnerability. Nowadays Ruby OpenSSL is the only choice if the developer is willing to do serious cryptography, but it tends to be tricky if for whatever reason a specific algorithm must be supported or portability across different operating systems must be achieved. In this technical session you will be introduced to Krypt, a library that translates boring cryptography into something clear for humans, with a walkthrough of how Krypt differs from other crypto libraries and why. Find out more about how it aims to replace the OpenSSL extension in the Ruby standard library, and the behind-the-scenes details of how we simulate OpenSSL features that were not available in JRuby before.
- Bruno Oliveira, aka 'abstractj', is a language-agnostic developer with a solid background in Java and JVM-based systems. Passionate about security and open source, he has been a long-time TorqueBox, Immutant and DynJS contributor. He is currently working for JBoss by Red Hat, helping push security forward on AeroGear, and his interests largely encompass mobile applications, pentesting and cryptography.
- Martin Boßlet is a freelancer by day; by night he is also a member of ruby-core, one of the maintainers of the Ruby OpenSSL extension and the author of krypt. Cryptography is his passion, and not only after the epiphany he once had on realizing that his last name carries "ssl" in it. He's been helping the European Commission to implement a digital signature platform over the past years, and this was also the reason for krypt - so that he could do it in a sane language for once. He recently discovered blogging as a compensation for not haunting other people with lengthy emails anymore.