48 Dirty Little Secrets Cryptographers Don't Want You To Know

Presented at Black Hat USA 2014, Aug. 7, 2014, 2:15 p.m. (60 minutes).

Over the past year, more than 10,000 people participated in the Matasano crypto challenges, a staged learning exercise where participants implemented 48 different attacks against realistic cryptographic constructions. In the process, we collected crypto exploit code in dozens of different languages, ranging from X86 assembly to Haskell. With the permission of the participants, we've built a "Rosetta Code" site with per-language implementations of each of the crypto attacks we taught. In this talk, we'll run through all 48 of the crypto challenges, giving Black Hat attendees early access to all of the crypto challenges. We'll explain the importance of each of the attacks, putting them into the context of actual software flaws. Our challenges cover crypto concepts from block cipher mode selection to public key agreement algorithms. For some of the more interesting attacks, we'll step-by-step the audience through exploit code, in several languages simultaneously.

Presenters:

  • Thomas Ptacek - Matasano Security
    Thomas H. Ptacek co-founded Matasano Security with Dave Goldsmith and Jeremy Rauch in 2005. Matasano is now a part of NCC Group, alongside iSEC Partners, Intrepidus Group, and NCC Security. At NCC Group, Thomas works in the Chicago practice on cryptographic and embedded software security. Thomas has presented at previous Black Hat conferences on intrusion detection evasion, on security flaws in Data Loss Prevention products, on detection of hardware virtualized rootkits, and on cryptographic attacks against software crypto.
  • Alex Balducci - Matasano
    Alex is a Security Consultant and Researcher at Matasano.

Links:

Similar Presentations: