Everything I always wanted to know about crypto, but never thought I'd understand

updated 10 months ago; latest suggestion 9 months ago

For many years, I had entirely given up on ever understanding the slightest thing about cryptography. The amount required to understand even the most basic part seemed entirely dazzling. However, I’ve since learned it’s not nearly as hard as I thought to understand many of the important concepts.

And this is what I want to share with you. For this talk, you don’t need to know anything about cryptography, and almost no math knowledge. You’ll gain an understanding of what the different components are and how they interact. And learn to get a grasp for how a system works, without necessarily understanding the details of each individual part.

In this talk, I’ll take you through some of the underlying design principles of modern applications of cryptography. We’ll talk about what we’re trying to accomplish, which parts are involved, and how to prevent and understand common vulnerabilities. This will help you to make better choices when you implement cryptography in your products, and will improve your understanding of how crypto is applied to things you already use.


Some things we could talk about (depending on timing):

  • What is cryptography, and what are we trying to accomplish?
  • Examples of some poor ciphers and how to understand how to break it.
  • Modern ciphers and what makes them good.
  • How to apply them in real setups, block cipher modes, and how you can still create vulnerabilities with modern ciphers like AES.
  • Authentication in crypto, and risks if it isn’t used correctly.
  • Key handling
  • Asymmetric ciphers, how they work, and their complications.
  • Trust, how it can be implemented, where you need it, and it’s weaknesses.
  • Random number sources and why they matter.

Suggestions

  • 8b2f2d3e6553c2b4048b93300959895ab76b4154?size=100x100 8b2f2d3e6553c2b4048b93300959895ab76b4154 suggests 9 months ago

    Securing user data is becoming more and more important in today's environment. Having a basic understanding of the technologies around that is crucial. I think this would be a good talk for most developers to hear.