If It Ain't Broken, Do Fix It: Building Modern Cryptography
08-16, 09:00–09:45 (Europe/Berlin), Milliways
Language: English

Security is hard. Modern programming languages help us with memory and type safety, but even with bleeding-edge frameworks and libraries, getting your crypto right remains hard.

We will take a look at recent cryptographic breaks in Matrix, Threema, Bridgefy and Mega, explore modern cryptographic best practices and why they matter, see what makes TLS 1.3 special, and discuss how to get to a more secure world together!

This talk is a primer in modern cryptographic best practices, supported by examples of recent breaks and vulnerability disclosures.
With cryptographic failures showing up every other day in security news, and placing #2 in the "OWASP top 10" web application security list, we want to show why apparently innocuous mistakes can make things go disastrously wrong.
We plan to dedicate part of the talk to open discussion, gathering feedback from developers and maintainers of open source cryptography, with the long-term plan of building a high-level cryptographic library that should make developing new cryptographic protocols easier and more secure.

Content Notes

Cryptography, cryptographic failures, OWASP top 10, Threema, Matrix, Signal, provable security, cryptanalysis

I'm a cryptographic researcher and PhD student at ETH Zurich. I love breaking stuff! But since I can't just sit and watch the world burn, I try to build more secure systems!