Cryptography is easy, but no magic. Use it. Wisely.

Lord BugBlue

Playlists: 'MCH2022' videos starting here / audio

Using cryptography can give you easy assurances, keep data confidential and keep prying eyes from stuff where they should not be.

However it's not magic.
This talk is intended for programmers, users and software designers.

This talk is about hardcore mathematics while you should not have to understand what the mathematics are but what they do.

What does cryptography do: encrypt, decrypt, sign and verify.
How are certificates used in cryptogaphy and why are they totally not a magical thing.

It covers what cool hardware is available, open design and open source, hardware tokens and how to use TPM for cool features.

And last but not least: it contains best practices and warnings. After this talk you might be able to see what's snakeoil and what is real.

== NFT's are a scam. If you are into crypto-bullshit please stay away. ==

Cryptography seems like magic anytime you at first look at it.
In the past years I have been helping a lot of projects and customers with my more-than-basic knowledge about applied cryptography.

I'll talk about:
* What is cryptography (basic math)
- encryption
- decryption
- digital signatures
- digital signature verification
* What can it do for you?
- Deliver security
- Deliver privacy
- Deliver dataloss
* When to use encryption
- what cryptography do you want to build (hint: none)
- what cryptography do you want to use (a- or symetrical encryption).
- how do you do key management
- where to find the best practices
* About hardware
- Provide security
- Provide speed
- HSM, TPM, processor and other acceleration
* Standards
- The good, the bad, the ugly
- Old ones
- New ones
- Very special ones
* Limitations and workarounds
* Software
- How to avoid OpenSSL
* This all in random() order. Random = 4