If It Ain't Broken, Do Fix It: Building Modern Cryptography

Event start: 10 months ago // Event Information

If It Ain't Broken, Do Fix It: Building Modern Cryptography
Village Event
Aug. 16, 2023, 9 a.m. - Aug. 16, 2023, 9:45 a.m.
Matteo Scarlata, Kien Tuong Truong

Security is hard. Modern programming languages help us with memory and type safety, but, even with bleeding edge frameworks and libraries, *getting your crypto right remains hard*. We will take a look at recent cryptographic breaks in **Matrix**, **Threema**, **Bridgefy** and **Mega**, explore the modern cryptographic best practices and why they matter, see what makes **TLS 1.3** special, and discuss how to get to a more secure world together!

This talk is a primer in modern cryptographic best practices, supporting them by examples of recent breaks and vulnerability disclosures. With cryptographic failures showing up every other day in security news, and placing #2 in the "OWASP top 10" web application security list, we want to show why apparently innocuous mistakes can make things go disastrously wrong. We plan to dedicate a part of the talk to open discussion, gathering feedback from developers and maintainer of open source cryptography, with the long term plan of building an high-level cryptographic library that should make developing new cryptographic protocols easier and more secure.