QCon is a practitioner-driven conference designed for technical team leads, architects, and project managers who influence software innovation in their teams.

Presentation: "How I Learned to Stop Worrying and Trust Crypto Again"

Track: Privacy & Security - Rebuilding Trust / Time: Wednesday 13:20 - 14:10 / Location: Elizabeth Windsor

Making secure use of cryptographic APIs has become a core competence in software development. But how secure are the standard APIs, in particular in the light of recent revelations regarding activities of some national security agencies in weakening cryptographic standards?

In this talk we will first look at some of the cryptographic standards whose security is the subject of speculation and try to separate rumour from fact. Then we'll examine some of most widely encountered crypto APIs, evaluating them on two important axes: facilities for flexible, secure key management and provision of modern cryptographic primitives. We'll look at strategies for using cryptographic APIs securely and testing the security of third party cryptographic equipment.

 

Download slides

Graham Steel, Founder/CEO of CryptoSense

Graham Steel

Biography: Graham Steel

Graham Steel holds a masters in mathematics from the University of Cambridge and a Ph.D. in informatics from the University of Edinburgh. He has been a researcher at INRIA, the French national agency for computer science research, since 2008.
Based in Paris, he recently cofounded a spin-off company, Cryptosense, which provides vulnerability analysis tools for cryptographic systems to an international clientele in particular in the financial, industrial and government sectors. In addition to international conference and journal publications, his research results have featured in Wired magazine and the New York Times.

Twitter: @graham_steel