[Noisebridge-announce] BAHA at 2pm Sunday, talkin' bout web crypto

travis+ml-noisebridge-announce at subspacefield.org travis+ml-noisebridge-announce at subspacefield.org
Fri Oct 8 00:19:53 PDT 2010


Been a bit busy with work, so recycling an older-but-good talk.

Had a person at OWASP Austin say this was the best talk they'd
seen there.  Slides here for the lazy, or overachievers:

http://www.subspacefield.org/security/web_20_crypto/

I'll cover many real-world vulns in crypto in recent web apps (not in
SSL).  We'll learn many ways not to do crypto.

The length-extension attack I discussed here was later used to break
Flickr's API.

I'll also cover the PKCS#7 Padding Oracle attack, which was used to
break millions of ASP.NET apps a decade or two after it was first
described.

So bring your crypto questions, inane questions, insane questions,
questionable questions, and Missy Elliot lyrics, and we'll see if
we can make them topical.

"It's not like I'm _encrypting_, it's more that I've
 suddenly developed a massive entropy deficiency"
-- 
I find your ideas intriguing and would like to subscribe to your newsletter.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
Url : http://www.noisebridge.net/pipermail/noisebridge-announce/attachments/20101008/6c8f5627/attachment.pgp 


More information about the Noisebridge-announce mailing list