Daniel LaBarge - Password Protection Program


Multiple times a month we hear about various technocrimes involving passwords. This month, however, Daniel LaBarge of Artisans Collaborative (https://artisanscollaborative.com/) will walk through ways to protect passwords by not even transmitting them!


If you've ever wanted to build better registration and authentication and remove passwords from your application, then this talk will show you how to do it with PHP and a bit of JavaScript using the Secure Remote Password (SRP-6a) protocol. Never heard of it? That's probably because it's from 1998. In this meetup we'll apply this lost cryptography gem to help protect passwords.

Still not convinced? How about a narrative with bullet points:

While data security and privacy are nothing new, it seems that even modern application developers are still participating in organized server crime. At every level, from personally identifying information to passwords and banking information, unsuspecting users have their data stored and transmitted over the wire. Even when encrypted, the lack of security and the non-compliance leave security reporters shocked. You've seen too much. It's time for the Password Protection Program to relocate the password out of reach of the server bosses in a safe house on the client.

With your coding skills and the testimony of a key witness PHP demo, we'll bring the whole thing down:

- Let's review best practices for password protection.
- Let's demo the Secure Remote Password (SRP-6a) protocol.
- Let's learn why this 1998 tech is being used by Apple, 1Password, etc.
- Let's explore the future of OPAQUE and SPAKE2+EE.
- Let's talk about how to convince stakeholders it's time for a revamp.

Let's relocate the password to the client: let's get back to being respectable server owners.