Back to the Club's homepage
The Book of Bad Crypto Decisions (part 1 of 1,000,000) - Orr Dunkelman
Abstract
The borderline between cryptography and computer security (or "How to
use
cryptography") was, is, and will be, a place for many problems. In
this talk we shall go over several of the (many) examples to "what
might get wrong", and discuss how to avoid them (and how to mitigate
them).
The examples will cover GSM's (in)security:
- The use of a single key for different domains,
- The lack of authentication in the command channel,
- and the classic "Error-correct then encrypt" mistakes
issues with generating random numbers:
- Lack of entropy in the entropy pools
- The Debian bug
and finally, how the public-key infrastructure (PKI) is mis-used.
Lecture Slides in PDF
Back to the Club's homepage