Crypto Won't Save You Either

Presented at Kiwicon 7: Cyberfriends (2013), Nov. 9, 2013, 3:15 p.m. (30 minutes)

Cryptographer Adi Shamir, the 'S' in RSA, once said that "cryptography is bypassed, not penetrated". In the light of the Snowden revelations about the NSA, various people have proposed the use of crypto in order to evade NSA surveillance. From games consoles to smart phones, this talk looks at ten years of trying to secure things with crypto that ultimately failed, not through anyone bothering to break it but because it was much easier to just bypass it. The lesson from all of this is that you need to secure every part of the system and not just throw crypto at one bit and assume that you'll be safe.

Presenters:

• Peter Gutmann
  Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures and security usability. He helped write the popular PGP encryption package, has authored a number of papers and RFC's on security and encryption, and is the author of the open source cryptlib security toolkit, "Cryptographic Security Architecture: Design and Verification" (Springer, 2003), and an upcoming book on security engineering. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about the lack of consideration of human factors in designing security systems.

Links:

• https://2013.kiwicon.org/the-con/talks/#e97

Similar Presentations:

• DerbyCon 6.0 Recharge (2016) / Data Obfuscation: How to hide data and payloads to make them “not exist” (in a mathematically optimal way)
• The Eleventh HOPE (2016) / How to Start a Crypto Party
• THOTCON 0x6 (2015) / Everything You Need to Know About Crypto in 50 minutes