Cryptocoding presented at SSTIC 2014

by Jean-Philippe Aumasson,

Summary : Cryptography is difficult to implement correctly; we recently had an example with "Heartbleed" and "goto fail". We try first to understand the source of these problems, particularly in discussing the qualities of the OpenSSL library. Finally, we give some examples of recommendations for developers to avoid specific problems of cryptography, such as "timing attacks".