#crypto #security #trust
Presented at OWASP Winter 2017, Kyiv, Ukraine, and at DevExperience18 in Iasi, Romania.
1. The typical engineering workflow ("we should protect the data; what shall we do?") and the mistakes that follow from it.
2. What "boring crypto" is, and what we want from the crypto products we use.
3. Possible solutions: HSM / TPM / software crypto.
4. How to select appropriate software crypto: libs, systems, containers.
5. We want crypto to be like the Edison lamp: a controllable, boring system.
--------------------------------------
Crypto in our lives: why you shouldn't spend time learning all the details of the crypto algorithms. Typical mistakes made when using crypto in your products. How to avoid late-night commits and code "fast and boring" instead.
--------------------------------------
Links to follow:
Boring crypto, Daniel J. Bernstein
https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf
Why does cryptographic software fail?
https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf
API design for cryptography
https://2017.hack.lu/archive/2017/hacklu-crypto-api.pdf
Encrypting strings in Android: Let’s make better mistakes
https://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/
Awesome crypto papers
https://github.com/pFarb/awesome-crypto-papers
12 And 1 Ideas How To Enhance Backend Data Security
https://www.cossacklabs.com/backend-data-security-modern-ideas.html
Attestation and Trusted Computing
https://courses.cs.washington.edu/courses/csep590/06wi/finalprojects/bare.pdf