Cryptography may or may not protect you - how it is used matters presented at LASCON2018 2018

by Karen Lu,

Summary : In today’s inter-connected IT environment, Internet applications, services, and devices are heavily dependent on cryptography, either through direct use or indirect reliance on components that use cryptographic modules. In both cases cryptography is a fundamental building block for security protections.Given its importance, cryptography is always under attack from adversaries who want to exploit vulnerabilities for their own nefarious ends, and under scrutiny from researchers or innocuous hackers who, maybe out of curiosity, discover the weaknesses. The problem can be in the algorithms, the protocols built around them, specific software implementations of these algorithms or protocols, or applications that using them. Regardless of the motive, the mode of attack, or where they occurred, cryptographic vulnerabilities once exposed or exploited can have a lasting impact to vendors and their customers (financial loss, reputation damage, compliance or legal violation, and so on). It is therefore extremely important to follow sound design and implementation techniques when building applications and solutions that rely on cryptography.This talk provides practical advice on proper use of cryptography in software and systems. The information is based on our research and years of experience in building security solutions. Audiences can walk away with concrete ideas about what they should do and should not do when using cryptographic algorithms.