Getting cryptography right is difficult. Unfortunately, smart professionals often create terrible cryptographic systems. This engaging session will provide failure modes of cryptography and the real reasons crypto systems fail. Algorithms will be harmed, mathematicians may be angered and pragmatists will be exonerated. This is not your Daddy's crypto. We will present case studies on commercial hash and database systems we broke, how commercial cryptosystems failed to consider environmental concerns (and violated Schneier's Law), help the participants recognized cryptographic snake oil and provide pragmatic steps to ensure your next crypto project is secure and successful. Bonus materials on hacking commercial cipher systems will be provided to participants, with a Q&A session.
Describe critical components for execution of a successful cryptographic project.
Describe cryptographic snake oil attributes and how to avoid such snake oil in future vendor demos.
Describe principle concepts of a cryptographic engagement to ensure success.
CISSP-ISSAP-ISSMP, CISA, CISM,
You must be logged in and own this session in order to