GoRuCo 2013 – Krypt Semper Pi. @ YouTube

GoRuCo 2013 – Krypt. Semper Pi. by Martin Bosslet

It’s a nice presentation about the difficulties of cryptography and about providing a library (Krypt) to ease them.

Using OpenSSL from Ruby sometimes causes trouble. When it fails to work, a cryptic message is displayed. Also, updating OpenSSL can require recompiling Ruby, or cause an error on CERT FILE, etc. It’s tough.

Also, the concept of “Security by Default” is quite important. It’s too difficult to use the library appropriately.

Recently I took an online cryptography course from Coursera. It’s a great course, and the professor repeatedly indicates that “you should avoid doing it by yourself”. Inventing your own version of algorithms is often criticized, but using the standard libraries appropriately is also difficult (as indicated in the presentation – around 9:00).

Using a password as the encryption key instead of a random value (from a cryptographically secure random generator), or applying inappropriate encryption modes/parameters, can cause weaknesses. It’s tough.
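The two mistakes named above, shown next to a safer setup with Ruby's standard `openssl` library. This is an added example, not code from the talk or from Krypt; the function names, the sample password and the PBKDF2 iteration count are assumptions chosen for illustration.

```ruby
require "openssl"
require "securerandom"

ITERATIONS = 100_000 # assumed PBKDF2 work factor; tune for your hardware

# Weak: password bytes used directly as the key, ECB mode, no integrity check.
def weak_encrypt(password, plaintext)
  cipher = OpenSSL::Cipher.new("aes-128-ecb").encrypt
  cipher.key = password.ljust(16, "\0").byteslice(0, 16) # low-entropy key
  cipher.update(plaintext) + cipher.final
end

# Key stretched from the password with PBKDF2-HMAC-SHA256 and a per-message salt.
def derive_key(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
end

# Stronger: derived key, AES-256-GCM, fresh random nonce for every message.
def strong_encrypt(password, plaintext)
  salt = SecureRandom.random_bytes(16)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = derive_key(password, salt)
  iv = cipher.random_iv
  cipher.auth_data = ""
  ciphertext = cipher.update(plaintext) + cipher.final
  { salt: salt, iv: iv, tag: cipher.auth_tag, ciphertext: ciphertext }
end

# Raises OpenSSL::Cipher::CipherError if the password is wrong or data was altered.
def strong_decrypt(password, box)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = derive_key(password, box[:salt])
  cipher.iv = box[:iv]
  cipher.auth_tag = box[:tag]
  cipher.auth_data = ""
  cipher.update(box[:ciphertext]) + cipher.final
end

# True when ECB exposes plaintext structure: equal input blocks, equal output blocks.
def ecb_leaks_repetition?(ciphertext)
  ciphertext.byteslice(0, 16) == ciphertext.byteslice(16, 16)
end

if __FILE__ == $PROGRAM_NAME
  sample = "A" * 32 # constructed sample: two identical 16-byte blocks
  puts "ECB repeats blocks: #{ecb_leaks_repetition?(weak_encrypt("hunter2", sample))}"
  box = strong_encrypt("hunter2", sample)
  puts "GCM round trip ok: #{strong_decrypt("hunter2", box) == sample}"
end
```

The salt, nonce and tag are not secret and are stored alongside the ciphertext; only the password (or, better, a randomly generated key) has to stay private.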


Posted on August 3, 2013, in Misc, Web.