conference logo

Playlist "Chaos Communication Camp 2023"

If It Ain't Broken, Do Fix It

Matteo Scarlata and Kien Tuong Truong

Security is hard. Modern programming languages help us with memory and type safety, but, even with bleeding edge frameworks and libraries, *getting your crypto right remains hard*.

We will take a look at recent cryptographic breaks in **Matrix**, **Threema**, **Bridgefy** and **Mega**, explore the modern cryptographic best practices and why they matter, see what makes **TLS 1.3** special, and discuss how to get to a more secure world together!

This talk is a primer in modern cryptographic best practices, supporting them by examples of recent breaks and vulnerability disclosures.
With cryptographic failures showing up every other day in security news, and placing #2 in the "OWASP top 10" web application security list, we want to show why apparently innocuous mistakes can make things go disastrously wrong.
We plan to dedicate a part of the talk to open discussion, gathering feedback from developers and maintainer of open source cryptography, with the long term plan of building an high-level cryptographic library that should make developing new cryptographic protocols easier and more secure.