Details

Talk title: How to identify bad cryptography

Time: 23 October, arrive at 6pm for a 6:30pm start

Location: Talenza Sydney Office

Abstract: Exploiting bad cryptography is a niche skill that requires a lifetime of cryptographic study, but identifying bad cryptography is a much easier problem. In this talk we will show highly upvoted cryptography implementations from StackOverflow that have serious security problems and we will give a hint of how they can be exploited. We also provide historical context to understand why these implementation errors are so commonplace, and discuss the shortcomings that currently exist for AI to provide trustworthy cryptographic guidance.

Author bio: Scott Contini has a PhD including more than a dozen research publications in cryptography. In 2008 Scott switched from academia to industry to focus more on real-world security problems. Since then Scott has identified hundreds of poor cryptographic implementations in the real world and has written popular blogs on common coding mistakes, as well as writing a significant portion of the 2021 OWASP Top 10 topic of Cryptographic Failures.
