2021-05-20, 09:05–09:35, Main stream
Do you feel unequipped to understand real world crypto attacks? Are you overwhelmed with the over-abundance of choices provided by any modern cryptography API, to make a secure decision while choosing a randomness provider, encryption scheme or digital signature APIs? Are you on top of all the latest happenings in cryptographic communities, to know which cryptographic primitives is deemed broken? Due to sheer lack of documentation of the chosen API, do you feel paralyzed on where and how to start designing or analyzing any cryptographic systems?
If any of these answers are "yes", come join me in this talk. I will be going over each cryptographic primitive like Random Number Generators, Encryption/Decryption algorithms, message authentication codes, digital signatures, password storage etc. We will be discussing common crypto insecure patterns observed in real world applications, best secure practices and what to be wary of. All this based on evaluating bunch of leading cryptographic implementations while not loosing sight of future-proofing applications. This should help security architects/developers while designing their crypto applications and security practitioners while auditing these system.
Mansi Sheth is a Principal Security Researcher at Veracode Inc. In her career, she has been involved with breaking, defending and building secure applications. Mansi researches various languages and technologies, finds insecure usage in customer code and suggests automation measures in finding vulnerabilities for Veracode's Binary Static Analysis service. She is an avid traveller with the motto "If not now, then when?”