0      0

(ISC)2 Security Congress 2022

2101810 - My Baby Done Bad Crypto, My Sweet Baby Done Me Wrong

Oct 12, 2022 11:25am ‐ Oct 12, 2022 12:25pm


Getting cryptography right is difficult. Unfortunately, smart professionals often create terrible cryptographic systems. This engaging session will provide failure modes of cryptography and the real reasons crypto systems fail. Algorithms will be harmed, mathematicians may be angered and pragmatists will be exonerated. This is not your Daddy's crypto. We will present case studies on commercial hash and database systems we broke, how commercial cryptosystems failed to consider environmental concerns (and violated Schneier's Law), help the participants recognized cryptographic snake oil and provide pragmatic steps to ensure your next crypto project is secure and successful. Bonus materials on hacking commercial cipher systems will be provided to participants, with a Q&A session.

Learning Objectives:
  • Describe critical components for execution of a successful cryptographic project.
  • Describe cryptographic snake oil attributes and how to avoid such snake oil in future vendor demos.
  • Describe principle concepts of a cryptographic engagement to ensure success.


  • Dan Houser, CISSP-ISSAP-ISSMP, CISA, CISM, Group Manager, Avanade

You must be logged in and own this session in order to post comments.