SlideShare une entreprise Scribd logo

Dutch PHP 2018 - Cryptography for Beginners

Adam Englander
Adam Englander

Cryptography is a complex and confusing subject. In this talk you will learn about the core components of cryptography used in software development: securing data with encryption, ensuring data integrity with hashes and digital signatures, and protecting passwords with key derivation functions. While learning how to use these components, you will also learn the best practices that drive strong cryptography. This talk won’t make you a cryptography expert but it will give you the knowledge necessary to use cryptography properly. No prior knowledge of cryptography is required for this presentation.

Technologie
1  sur  96
Télécharger pour lire hors ligne
@adam_englander Cryptography for Beginners Adam Englander Software Architect, iovation
@adam_englander I am a Virtual Crime Fighter
@adam_englander I am a lover of PHP
@adam_englander Let’s Set Some Expectations
@adam_englander What is cryptography?
@adam_englander –Wikipedia “Cryptography…is the practice and study of techniques for secure communication in the presence of third parties called adversaries.”
@adam_englander –Wikipedia “Cryptography…is the practice and study of techniques for secure communication in the presence of third parties called adversaries.”
@adam_englander How Cryptography Works
@adam_englander
@adam_englander
@adam_englander
@adam_englander
@adam_englander
@adam_englander
@adam_englander How is cryptography used?
@adam_englander Encryption Signatures Key Derivation Hashing
@adam_englander Encryption
@adam_englander Asymmetric Encryption
@adam_englander Symmetric Encryption
@adam_englander Hashing
@adam_englander Input MD5 SHA1 Foo 1356c67d7ad1638d816bfb82 2dd2c25d 201a6b3053cc1422d2c3670b6 2616221d2290929 Bar ddc35f88fa71b6ef142ae61f35 364653 e496fd20136d4bb7828ebb0ab 925b1bd977208e4
@adam_englander Collisions occur when two input values create the same hash
@adam_englander Any modern hashing algorithm will never create collision for an input value whose size is equal to or less then the hash output size
@adam_englander Input MD5 SHA1 Foo 1356c67d7ad1638d816bfb82 2dd2c25d 201a6b3053cc1422d2c3670b6 2616221d2290929 Bar ddc35f88fa71b6ef142ae61f35 364653 e496fd20136d4bb7828ebb0ab 925b1bd977208e4
@adam_englander db110e4553b9fb646c8d01d928668046 33,571 byte input and 32 byte output
@adam_englander Hashes by themselves aren’t very useful!
@adam_englander Signatures
@adam_englander Data Key Signature Foo KeyOne b4ac60b7d319d41df60c99a6d064c18e Foo KeyOne b4ac60b7d319d41df60c99a6d064c18e Foo KeyTwo db97086208d9dd34d4b288959cac612f Bar KeyOne 8624de374522eaf1b4ae9f0b872c2169
@adam_englander Data Key Signature Foo KeyOne b4ac60b7d319d41df60c99a6d064c18e Foo KeyOne b4ac60b7d319d41df60c99a6d064c18e Foo KeyTwo db97086208d9dd34d4b288959cac612f Bar KeyOne 8624de374522eaf1b4ae9f0b872c2169
@adam_englander Data Key Signature Foo KeyOne b4ac60b7d319d41df60c99a6d064c18e Foo KeyOne b4ac60b7d319d41df60c99a6d064c18e Foo KeyTwo db97086208d9dd34d4b288959cac612f Bar KeyOne 8624de374522eaf1b4ae9f0b872c2169
@adam_englander Data Key Signature Foo KeyOne b4ac60b7d319d41df60c99a6d064c18e Foo KeyOne b4ac60b7d319d41df60c99a6d064c18e Foo KeyTwo db97086208d9dd34d4b288959cac612f Bar KeyOne 8624de374522eaf1b4ae9f0b872c2169
@adam_englander Key Derivation
@adam_englander ihatepasswords randomsalt gPqSXKzzeStBAqT3
@adam_englander ihatepasswords randomsalt gPqSXKzzeStBAqT3 gPqSXKzzeStBAqT3 randomsalt hoEiNrLNefkxRNPR
@adam_englander ihatepasswords randomsalt gPqSXKzzeStBAqT3 gPqSXKzzeStBAqT3 randomsalt hoEiNrLNefkxRNPR hoEiNrLNefkxRNPR randomsalt MgbfofelpvLjM0Hx
@adam_englander ihatepasswords randomsalt gPqSXKzzeStBAqT3 gPqSXKzzeStBAqT3 randomsalt hoEiNrLNefkxRNPR hoEiNrLNefkxRNPR randomsalt MgbfofelpvLjM0Hx MgbfofelpvLjM0Hx randomsalt xYjyM0wXf1VYboBa
@adam_englander ihatepasswords randomsalt gPqSXKzzeStBAqT3 gPqSXKzzeStBAqT3 randomsalt hoEiNrLNefkxRNPR hoEiNrLNefkxRNPR randomsalt MgbfofelpvLjM0Hx MgbfofelpvLjM0Hx randomsalt xYjyM0wXf1VYboBa xYjyM0wXf1VYboBa randomsalt OpWKejkZt/u1wFCk
@adam_englander How do I get good cryptography?
@adam_englander Good cryptography obscures data in such a way that it is difficult and costly to duplicate or reverse.
@adam_englander Attacking Cryptography
@adam_englander
@adam_englander
@adam_englander
@adam_englander
@adam_englander
@adam_englander
@adam_englander
@adam_englander There are ways to fight all that power...
@adam_englander Algorithm Complexity
@adam_englander Large Keys
@adam_englander System Resources
@adam_englander Iteration
@adam_englander
@adam_englander –Oxford Dictionary Entropy: Lack of order or predictability; gradual decline into disorder.”
@adam_englander Real world data has very predictable patterns.
@adam_englander HTTP/1.1 200 OK Content-Type: application/json Server: Apache/2.1 Date: Thu, 08 Feb 2018 18:19:56 GMT { "account": "my-secret-account-number", "date_of_birth": "1980-01-02", "first_name": "Jane", "last_name": "Doe", "ssn_last4": "1234", }
@adam_englander HTTP/1.1 200 OK Content-Type: application/json Server: Apache/2.1 Date: Thu, 08 Feb 2018 18:19:56 GMT { "account": "my-secret-account-number", "date_of_birth": "1980-01-02", "first_name": "Jane", "last_name": "Doe", "ssn_last4": "1234", }
@adam_englander HTTP/1.1 200 OK Content-Type: application/json Server: Apache/2.1 Date: Thu, 08 Feb 2018 18:19:56 GMT { "account": "my-secret-account-number", "date_of_birth": "1980-01-02", "first_name": "Jane", "last_name": "Doe", "ssn_last4": "1234", }
@adam_englander HTTP/1.1 200 OK Content-Type: application/json Server: Apache/2.1 Date: Thu, 08 Feb 2018 18:19:56 GMT { "account": "my-secret-account-number", "date_of_birth": "1980-01-02", "first_name": "Jane", "last_name": "Doe", "ssn_last4": "1234", }
@adam_englander Credential data is highly predictable
@adam_englander Most services use email for the username
@adam_englander Passwords have very high predictability and are reused
@adam_englander –iovation: August 2015 Password Survey https://s3.amazonaws.com/launchkey-blog/LaunchKey_Password_Survey_Results.pdf “68% of people reuse passwords”
@adam_englander –Keeper Security: The Most Common Passwords of 2016 https://keepersecurity.com/public/Most-Common-Passwords-of-2016-Keeper-Security-Study.pdf “The top 25 passwords of 2016 constitute over 50% of the 10M passwords that were analyzed.”
@adam_englander –Keeper Security: The Most Common Passwords of 2016 https://keepersecurity.com/public/Most-Common-Passwords-of-2016-Keeper-Security-Study.pdf “Nearly 17% of users are safeguarding their accounts with “123456."”
@adam_englander Most users will choose passwords based on ease of recall rather than entropy
@adam_englander All the reuse and predictability in passwords creates a very serious problem
@adam_englander user1 wI6Lx2klirB32K5T/4iQzsRVXI0PoVfc user2 eHc9kCCZAzmR8HrelHeOAOs67XBo6OQe user3 wI6Lx2klirB32K5T/4iQzsRVXI0PoVfc user4 7U02IuFr4KJdjcexi26XFBWOuB3rTGLh user5 wI6Lx2klirB32K5T/4iQzsRVXI0PoVfc
@adam_englander user1 wI6Lx2klirB32K5T/4iQzsRVXI0PoVfc user2 eHc9kCCZAzmR8HrelHeOAOs67XBo6OQe user3 wI6Lx2klirB32K5T/4iQzsRVXI0PoVfc user4 7U02IuFr4KJdjcexi26XFBWOuB3rTGLh user5 wI6Lx2klirB32K5T/4iQzsRVXI0PoVfc
@adam_englander Good cryptography uses random salts to add entropy to hashes
@adam_englander user1 4Ka7pm2M hqebP0ZRMl1DuBuoDC6+aA== user2 lmsnAV/G XW0sV+kkle4DGaRyCul9mg== user3 dLi1KjpE WrxmEs5ebHl1BiSp78fAeg== user4 oRj3JUBE dATxMWkabTpBUwsjtNu3Eg== user5 SD1sEqV tHKLSj5J8FoO0LHJfeI6lA==
@adam_englander Nearly every type of data has recognizable patterns
@adam_englander English Message Patterns • Spaces can be determined based on predictable word patterns • Single letter words will be either the letter i or a • In a two letter word, one of the letters is a vowel • Three letter words mostly start and end with consonants and nearly always have a vowel in the middle • The letter e is the most common of all letters
@adam_englander RrSRvtw/2Mk993TmCMjoAoSjyTAIF1emZQU= RrSRvtw/2Mk993TmCMjoAoSjyTAIF1emZQU= VXXo7Ov5OxFC5l6hEwDECoSjyTAIF1emZQY= uoZjkwYzCwwN18xU8aZMzISjyTAIF1SmZQU= yUe6wRXtblMRxrYP/N4n1ISjyTAIF1SmZQY= coqei5pw+HHPDpaCPzcNW4SjyTMIF1emZQU=
@adam_englander RrSRvtw/2Mk993TmCMjoAoSjyTAIF1emZQU= RrSRvtw/2Mk993TmCMjoAoSjyTAIF1emZQU= VXXo7Ov5OxFC5l6hEwDECoSjyTAIF1emZQY= uoZjkwYzCwwN18xU8aZMzISjyTAIF1SmZQU= yUe6wRXtblMRxrYP/N4n1ISjyTAIF1SmZQY= coqei5pw+HHPDpaCPzcNW4SjyTMIF1emZQU=
@adam_englander RrSRvtw/2Mk993TmCMjoAoSjyTAIF1emZQU= RrSRvtw/2Mk993TmCMjoAoSjyTAIF1emZQU= VXXo7Ov5OxFC5l6hEwDECoSjyTAIF1emZQY= uoZjkwYzCwwN18xU8aZMzISjyTAIF1SmZQU= yUe6wRXtblMRxrYP/N4n1ISjyTAIF1SmZQY= coqei5pw+HHPDpaCPzcNW4SjyTMIF1emZQU=
@adam_englander RrSRvtw/2Mk993TmCMjoAoSjyTAIF1emZQU= RrSRvtw/2Mk993TmCMjoAoSjyTAIF1emZQU= VXXo7Ov5OxFC5l6hEwDECoSjyTAIF1emZQY= uoZjkwYzCwwN18xU8aZMzISjyTAIF1SmZQU= yUe6wRXtblMRxrYP/N4n1ISjyTAIF1SmZQY= coqei5pw+HHPDpaCPzcNW4SjyTMIF1emZQU=
@adam_englander RrSRvtw/2Mk993TmCMjoAoSjyTAIF1emZQU= RrSRvtw/2Mk993TmCMjoAoSjyTAIF1emZQU= VXXo7Ov5OxFC5l6hEwDECoSjyTAIF1emZQY= uoZjkwYzCwwN18xU8aZMzISjyTAIF1SmZQU= yUe6wRXtblMRxrYP/N4n1ISjyTAIF1SmZQY= coqei5pw+HHPDpaCPzcNW4SjyTMIF1emZQU=
@adam_englander H4pyN6ucltNSlZBsaT5h2SBIuAXvITa0N3U= uAHjDXC+A0QcyxLugng2wGd/QoghrgbHMaM= o3O+HjdzJOZ7bZEi8X5MBbMWVphZmGnHEoQ= RCsavNOf1KNgf7FAqn0o6xV/nWWMsT3KkNU= dkHaoUx4npXSIOvO8rvY07CdWfOoQ7+Pht4= rBdxOfwfsGmavqsgpqcavapMNb2/vYEFW6c=
@adam_englander Random salts and IVs need good random values
@adam_englander CSPRNG
@adam_englander Stop it! You’re blowing my mind!
@adam_englander Use the password extension!
@adam_englander <?php function validate_password($password, $user) { }
@adam_englander <?php function validate_password($password, $user) { if (!password_verify($password, $user->password)) { throw new InvalidArgumentException("Password Failed"); } }
@adam_englander <?php function validate_password($password, $user) { if (!password_verify($password, $user->password)) { throw new InvalidArgumentException("Password Failed"); } if (password_needs_rehash($user->password, PASSWORD_DEFAULT)) { $user->password = password_hash($password, PASSWORD_DEFAULT); $user->save(); } }
@adam_englander It’s encryption that’s good for you
@adam_englander // Generating your encryption key $key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
@adam_englander // Generating your encryption key $key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES); // Generate a random nonce $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
@adam_englander // Generating your encryption key $key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES); // Generate a random nonce $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // Using your key to encrypt information $ciphertext = sodium_crypto_secretbox('test', $nonce, $key);
@adam_englander // Generating your encryption key $key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES); // Generate a random nonce $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // Using your key to encrypt information $ciphertext = sodium_crypto_secretbox('test', $nonce, $key); // Decrypting a message requires the nonce and key used to encrypt $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key); if ($plaintext === false) { throw new Exception("Bad ciphertext"); }
@adam_englander
@adam_englander Books - Introductory • The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography - Simon Singh - ISBN: 0-385-49532
@adam_englander Books • Cryptography Engineering: Design Principles and Practical Applications - Niels Ferguson, Bruce Schneier, Tadayoshi Kohno - ISBN: 978-0-470-47424-2 • Serious Cryptography: A Practical Introduction to Modern Encryption - Jean-Philippe Aumasson - ISBN: 978-1593278267
@adam_englander Websites • https://secure.php.net/manual/en/book.password.php • https://paragonie.com/book/pecl-libsodium • https://secure.php.net/manual/en/book.openssl.php • https://secure.php.net/manual/en/book.csprng.php • https://en.wikipedia.org/wiki/Cryptography
@adam_englander https://joind.in/talk/f411c

Recommandé

Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018
Adam Englander
 
RBC Shield® Tiles: Complete WMD Protection
RBC Shield® Tiles: Complete WMD ProtectionRBC Shield® Tiles: Complete WMD Protection
RBC Shield® Tiles: Complete WMD Protection
RBC Shield, LLC
 
Trusting machines with robust, unbiased and reproducible AI
Trusting machines with robust, unbiased and reproducible AI Trusting machines with robust, unbiased and reproducible AI
Trusting machines with robust, unbiased and reproducible AI
Margriet Groenendijk
 
Introducing ElasticSearch - Ashish
Introducing ElasticSearch - AshishIntroducing ElasticSearch - Ashish
Introducing ElasticSearch - Ashish
Entrepreneur / Startup
 
Down and dirty with Elasticsearch
Down and dirty with ElasticsearchDown and dirty with Elasticsearch
Down and dirty with Elasticsearch
clintongormley
 
soFrida Dynamic Analysis Tool for Mobile Apps with Cloud Backend
soFrida Dynamic Analysis Tool for Mobile Apps with Cloud BackendsoFrida Dynamic Analysis Tool for Mobile Apps with Cloud Backend
soFrida Dynamic Analysis Tool for Mobile Apps with Cloud Backend
June Park
 
Cryptography for Beginners - Midwest PHP 2018
Cryptography for Beginners - Midwest PHP 2018Cryptography for Beginners - Midwest PHP 2018
Cryptography for Beginners - Midwest PHP 2018
Adam Englander
 
Node.js interactive NA 2016: Tales From the Crypt
Node.js interactive NA 2016: Tales From the CryptNode.js interactive NA 2016: Tales From the Crypt
Node.js interactive NA 2016: Tales From the Crypt
Adam Englander
 

Recommandé

Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018
Adam Englander
 
RBC Shield® Tiles: Complete WMD Protection
RBC Shield® Tiles: Complete WMD ProtectionRBC Shield® Tiles: Complete WMD Protection
RBC Shield® Tiles: Complete WMD Protection
RBC Shield, LLC
 
Trusting machines with robust, unbiased and reproducible AI
Trusting machines with robust, unbiased and reproducible AI Trusting machines with robust, unbiased and reproducible AI
Trusting machines with robust, unbiased and reproducible AI
Margriet Groenendijk
 
Introducing ElasticSearch - Ashish
Introducing ElasticSearch - AshishIntroducing ElasticSearch - Ashish
Introducing ElasticSearch - Ashish
Entrepreneur / Startup
 
Down and dirty with Elasticsearch
Down and dirty with ElasticsearchDown and dirty with Elasticsearch
Down and dirty with Elasticsearch
clintongormley
 
soFrida Dynamic Analysis Tool for Mobile Apps with Cloud Backend
soFrida Dynamic Analysis Tool for Mobile Apps with Cloud BackendsoFrida Dynamic Analysis Tool for Mobile Apps with Cloud Backend
soFrida Dynamic Analysis Tool for Mobile Apps with Cloud Backend
June Park
 
Cryptography for Beginners - Midwest PHP 2018
Cryptography for Beginners - Midwest PHP 2018Cryptography for Beginners - Midwest PHP 2018
Cryptography for Beginners - Midwest PHP 2018
Adam Englander
 
Node.js interactive NA 2016: Tales From the Crypt
Node.js interactive NA 2016: Tales From the CryptNode.js interactive NA 2016: Tales From the Crypt
Node.js interactive NA 2016: Tales From the Crypt
Adam Englander
 
Threat Modeling for Dummies
Threat Modeling for DummiesThreat Modeling for Dummies
Threat Modeling for Dummies
Adam Englander
 
In search of unique behaviour
In search of unique behaviourIn search of unique behaviour
In search of unique behaviour
DefCamp
 
php[world] 2016 - Tales From the Crypto: A Cryptography Primer
php[world] 2016 - Tales From the Crypto: A Cryptography Primerphp[world] 2016 - Tales From the Crypto: A Cryptography Primer
php[world] 2016 - Tales From the Crypto: A Cryptography Primer
Adam Englander
 
Threat Modeling for Dummies - Cascadia PHP 2018
Threat Modeling for Dummies - Cascadia PHP 2018Threat Modeling for Dummies - Cascadia PHP 2018
Threat Modeling for Dummies - Cascadia PHP 2018
Adam Englander
 
OSDC 2019 | Automating Security in Your Data Pipline by Troy Harvey
OSDC 2019 | Automating Security in Your Data Pipline by Troy HarveyOSDC 2019 | Automating Security in Your Data Pipline by Troy Harvey
OSDC 2019 | Automating Security in Your Data Pipline by Troy Harvey
NETWAYS
 
Securing the Web without site-specific passwords
Securing the Web without site-specific passwordsSecuring the Web without site-specific passwords
Securing the Web without site-specific passwords
Francois Marier
 
The life of breached data and the attack lifecycle
The life of breached data and the attack lifecycleThe life of breached data and the attack lifecycle
The life of breached data and the attack lifecycle
Jarrod Overson
 
Secrets and Mysteries of Automated Execution Keynote slides
Secrets and Mysteries of Automated Execution Keynote slidesSecrets and Mysteries of Automated Execution Keynote slides
Secrets and Mysteries of Automated Execution Keynote slides
Alan Richardson
 
Summary chapter 5
Summary chapter 5Summary chapter 5
Summary chapter 5
Miko Mochi
 
php[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the futurephp[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the future
Adam Englander
 
PDX Tech Meetup - The changing landscape of passwords
PDX Tech Meetup - The changing landscape of passwordsPDX Tech Meetup - The changing landscape of passwords
PDX Tech Meetup - The changing landscape of passwords
Ryan Smith
 
One Time Pad Journal
One Time Pad JournalOne Time Pad Journal
One Time Pad Journal
Amirul Wiramuda
 
Seguridad en microservicios via micro profile jwt
Seguridad en microservicios via micro profile jwtSeguridad en microservicios via micro profile jwt
Seguridad en microservicios via micro profile jwt
César Hernández
 
ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you...
ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you...ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you...
ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you...
ITCamp
 
Trusting machines with robust, unbiased and reproducible AI
Trusting machines with robust, unbiased and reproducible AI Trusting machines with robust, unbiased and reproducible AI
Trusting machines with robust, unbiased and reproducible AI
Margriet Groenendijk
 
Scalabay - API Design Antipatterns
Scalabay - API Design AntipatternsScalabay - API Design Antipatterns
Scalabay - API Design Antipatterns
Manish Pandit
 
Death to Passwords SXSW 15
Death to Passwords SXSW 15Death to Passwords SXSW 15
Death to Passwords SXSW 15
Tim Messerschmidt
 
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
All Things Open
 
Practical API Security - Midwest PHP 2018
Practical API Security - Midwest PHP 2018Practical API Security - Midwest PHP 2018
Practical API Security - Midwest PHP 2018
Adam Englander
 
Hacknbeers sqli and cryptography
Hacknbeers sqli and cryptographyHacknbeers sqli and cryptography
Hacknbeers sqli and cryptography
Miguel Ibarra
 
Making PHP Smarter - Dutch PHP 2023.pptx
Making PHP Smarter - Dutch PHP 2023.pptxMaking PHP Smarter - Dutch PHP 2023.pptx
Making PHP Smarter - Dutch PHP 2023.pptx
Adam Englander
 
Practical API Security - PyCon 2019
Practical API Security - PyCon 2019Practical API Security - PyCon 2019
Practical API Security - PyCon 2019
Adam Englander
 

Contenu connexe

Similaire à Dutch PHP 2018 - Cryptography for Beginners

Securing the Web without site-specific passwords
Securing the Web without site-specific passwordsSecuring the Web without site-specific passwords
Securing the Web without site-specific passwords
Francois Marier
 
php[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the futurephp[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the future
Adam Englander
 
Seguridad en microservicios via micro profile jwt
Seguridad en microservicios via micro profile jwtSeguridad en microservicios via micro profile jwt
Seguridad en microservicios via micro profile jwt
César Hernández
 
Death to Passwords SXSW 15
Death to Passwords SXSW 15Death to Passwords SXSW 15
Death to Passwords SXSW 15
Tim Messerschmidt
 
Hacknbeers sqli and cryptography
Hacknbeers sqli and cryptographyHacknbeers sqli and cryptography
Hacknbeers sqli and cryptography
Miguel Ibarra
 

Similaire à Dutch PHP 2018 - Cryptography for Beginners (20)

Threat Modeling for Dummies
Threat Modeling for DummiesThreat Modeling for Dummies
Threat Modeling for Dummies
 
In search of unique behaviour
In search of unique behaviourIn search of unique behaviour
In search of unique behaviour
 
php[world] 2016 - Tales From the Crypto: A Cryptography Primer
php[world] 2016 - Tales From the Crypto: A Cryptography Primerphp[world] 2016 - Tales From the Crypto: A Cryptography Primer
php[world] 2016 - Tales From the Crypto: A Cryptography Primer
 
Threat Modeling for Dummies - Cascadia PHP 2018
Threat Modeling for Dummies - Cascadia PHP 2018Threat Modeling for Dummies - Cascadia PHP 2018
Threat Modeling for Dummies - Cascadia PHP 2018
 
OSDC 2019 | Automating Security in Your Data Pipline by Troy Harvey
OSDC 2019 | Automating Security in Your Data Pipline by Troy HarveyOSDC 2019 | Automating Security in Your Data Pipline by Troy Harvey
OSDC 2019 | Automating Security in Your Data Pipline by Troy Harvey
 
Securing the Web without site-specific passwords
Securing the Web without site-specific passwordsSecuring the Web without site-specific passwords
Securing the Web without site-specific passwords
 
The life of breached data and the attack lifecycle
The life of breached data and the attack lifecycleThe life of breached data and the attack lifecycle
The life of breached data and the attack lifecycle
 
Secrets and Mysteries of Automated Execution Keynote slides
Secrets and Mysteries of Automated Execution Keynote slidesSecrets and Mysteries of Automated Execution Keynote slides
Secrets and Mysteries of Automated Execution Keynote slides
 
Summary chapter 5
Summary chapter 5Summary chapter 5
Summary chapter 5
 
php[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the futurephp[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the future
 
PDX Tech Meetup - The changing landscape of passwords
PDX Tech Meetup - The changing landscape of passwordsPDX Tech Meetup - The changing landscape of passwords
PDX Tech Meetup - The changing landscape of passwords
 
One Time Pad Journal
One Time Pad JournalOne Time Pad Journal
One Time Pad Journal
 
Seguridad en microservicios via micro profile jwt
Seguridad en microservicios via micro profile jwtSeguridad en microservicios via micro profile jwt
Seguridad en microservicios via micro profile jwt
 
ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you...
ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you...ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you...
ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you...
 
Trusting machines with robust, unbiased and reproducible AI
Trusting machines with robust, unbiased and reproducible AI Trusting machines with robust, unbiased and reproducible AI
Trusting machines with robust, unbiased and reproducible AI
 
Scalabay - API Design Antipatterns
Scalabay - API Design AntipatternsScalabay - API Design Antipatterns
Scalabay - API Design Antipatterns
 
Death to Passwords SXSW 15
Death to Passwords SXSW 15Death to Passwords SXSW 15
Death to Passwords SXSW 15
 
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
 
Practical API Security - Midwest PHP 2018
Practical API Security - Midwest PHP 2018Practical API Security - Midwest PHP 2018
Practical API Security - Midwest PHP 2018
 
Hacknbeers sqli and cryptography
Hacknbeers sqli and cryptographyHacknbeers sqli and cryptography
Hacknbeers sqli and cryptography
 

Plus de Adam Englander

ZendCon 2018 - Practical API Security
ZendCon 2018 - Practical API SecurityZendCon 2018 - Practical API Security
ZendCon 2018 - Practical API Security
Adam Englander
 
Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Practical API Security - PyCon 2018
Practical API Security - PyCon 2018
Adam Englander
 

Plus de Adam Englander (20)

Making PHP Smarter - Dutch PHP 2023.pptx
Making PHP Smarter - Dutch PHP 2023.pptxMaking PHP Smarter - Dutch PHP 2023.pptx
Making PHP Smarter - Dutch PHP 2023.pptx
 
Practical API Security - PyCon 2019
Practical API Security - PyCon 2019Practical API Security - PyCon 2019
Practical API Security - PyCon 2019
 
ZendCon 2018 - Practical API Security
ZendCon 2018 - Practical API SecurityZendCon 2018 - Practical API Security
ZendCon 2018 - Practical API Security
 
ZendCon 2018 - Cryptography in Depth
ZendCon 2018 - Cryptography in DepthZendCon 2018 - Cryptography in Depth
ZendCon 2018 - Cryptography in Depth
 
php[tek] 2108 - Cryptography Advances in PHP 7.2
php[tek] 2108 - Cryptography Advances in PHP 7.2php[tek] 2108 - Cryptography Advances in PHP 7.2
php[tek] 2108 - Cryptography Advances in PHP 7.2
 
Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Biometrics: Sexy, Secure and... Stupid - RSAC 2018Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Biometrics: Sexy, Secure and... Stupid - RSAC 2018
 
Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Practical API Security - PyCon 2018
Practical API Security - PyCon 2018
 
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the FutureConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
 
Con Foo 2017 - Don't Loose Sleep - Secure Your REST
Con Foo 2017 - Don't Loose Sleep - Secure Your RESTCon Foo 2017 - Don't Loose Sleep - Secure Your REST
Con Foo 2017 - Don't Loose Sleep - Secure Your REST
 
ZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for BeginnersZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for Beginners
 
ZendCon 2017: The Red Team is Coming
ZendCon 2017: The Red Team is ComingZendCon 2017: The Red Team is Coming
ZendCon 2017: The Red Team is Coming
 
ZendCon 2017 - Build a Bot Workshop - Async Primer
ZendCon 2017 - Build a Bot Workshop - Async PrimerZendCon 2017 - Build a Bot Workshop - Async Primer
ZendCon 2017 - Build a Bot Workshop - Async Primer
 
Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Symfony Live San Franciso 2017 - BDD API Development with Symfony and BehatSymfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
 
Coder Cruise 2017 - The Red Team Is Coming
Coder Cruise 2017 - The Red Team Is ComingCoder Cruise 2017 - The Red Team Is Coming
Coder Cruise 2017 - The Red Team Is Coming
 
Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Don't Loose Sleep - Secure Your Rest - php[tek] 2017Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Don't Loose Sleep - Secure Your Rest - php[tek] 2017
 
Build a bot workshop async primer - php[tek]
Build a bot workshop async primer - php[tek]Build a bot workshop async primer - php[tek]
Build a bot workshop async primer - php[tek]
 
Python and Docker
Python and DockerPython and Docker
Python and Docker
 
Concurrent Programming in Python
Concurrent Programming in PythonConcurrent Programming in Python
Concurrent Programming in Python
 
Biometrics - Fantastic Failure Point of the Future
Biometrics - Fantastic Failure Point of the FutureBiometrics - Fantastic Failure Point of the Future
Biometrics - Fantastic Failure Point of the Future
 
IoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net BuildersIoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net Builders
 

Dernier

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Dernier (20)

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Dutch PHP 2018 - Cryptography for Beginners