Speaking with Cryptographic Oracles presented at Defcon19 2011

by Daniel Crowley

Summary: Cryptography is often used to secure data, but few people have a solid understanding of cryptography. It is often said that if you are not strictly a cryptographer, you will get cryptography wrong. For that matter, if you ARE a cryptographer, it is still easy to make mistakes. The algorithms might be peer reviewed and unbroken for 15 years, but if you use them incorrectly, they might leak information. Cryptographic oracles are systems which take user-controlled input and leak part or all of the output, generally leading to an attacker being able to defeat the cryptography, in part or in whole. In this talk, methods for finding and exploiting encryption, decryption, and padding oracles with minimal cryptographic knowledge will be discussed.

Daniel Crowley: Daniel does pen testing, research, training, and various other things for Core Security Technologies. In his spare time, he plays around mostly with Web-based technologies and locks. Being an entertainer by nature, Daniel likes combining art with technology and his presentations are designed to inform AND entertain. Daniel was a speaker at Shmoocon VI and won the Gringo Warrior competition at Shmoocon V.