The Limits of Cryptography [#Easterhegg #2014] #crypto #Realness ~ The Limits of Cryptography While recent events have finally made the world at large realize that the exhaustive deployment and use of cryptography throughout the Internet can no longer be deferred, there is now a good chance that people will be given a false sense of security once cryptographic support has been added and enabled. This talk points out the limitations inherent in real-world cryptography, from its underlying principles to its operation, * Preliminaries * What is IT security, and what is touted as "IT security"? * Cryptography 101---a quick refresher * Attack types---another quick refresher * The limits of cryptographic systems/algorithms * Inherent limitations * Methodologic considerations * Cryptography and performance * Cases of inherently broken algorithms * Real world crypto implementations * Inherent problems with hardware implementations * Inherent problems with software implementations * Crypto on real world computers * Crypto on real world operating systems * Crypto and applications * A history of disasters: SSL (part 1) * The problem in front of the screen * Ordinary users vs. cryptography * Presumptuous developers * Paranoia and wannabe paranoia * Cryptography and money: Histories of disasters * Banks and cryptography * SSL (part 2) * Hardware encrypted hard disks * Crypto and sales people * Lethargy (a.k.a. "pragmatism") * The pain principle * The life cycle of a crypto solution * Already deployed implementations * Legal and political aspects * When using crypto legally backfires * Who is liable for broken crypto products? * Further reading Speaker: Benedikt Stockebrand EventID: 5748 Event: Easterhegg 2014 [eh14] by the Chaos Computer Club Stuttgart Location: Kulturhaus Arena; Ulmer Straße 241; 70327 Stuttgart-Wangen; Germany Language: english Begin: Sat, 04/19/2014 20:45:00 +02:00 Lizenz: CC-by-nc-sa