Cryptography is hard. It usually takes many years of study before it is possible to make any serious contribution to the field; and even expert cryptographers often have flaws discovered in their work. However, merely using cryptography requires far less expertise. In this talk, I will cover everything most software developers will ever need to know about cryptography -- starting from the very beginning -- along with (time allowing) some of the reasons behind the recommendations I provide. Specific topics covered will include symmetric vs. asymmetric encryption; symmetric vs. asymmetric signatures; block ciphers; block cipher modes; key lengths; message authentication codes; hash algorithms; password handling; padding for asymmetric encryption; padding for asymmetric signing; Diffie-Hellman groups; and side channel attacks. Specific attacks will be discussed only to the extent of mentioning that they exist and explaining how cryptography-using systems should be designed to thwart them.
Sign in to add slides, notes or videos to this session