bangpypers / meetup-talks


How not to shoot yourself in the foot with cryptography #13

Closed stonecharioteer closed 7 months ago

stonecharioteer commented 1 year ago

Title of the talk

How not to shoot yourself in the foot with cryptography

Description

The Pitch

Hear me out, I have an app I'm working on, to store your passwords. How is it secure, you ask? Well, since I'm a genius, I've used the names of two movies that couldn't be more unlike one another to mask the passwords and keep hackers from guessing them. Trust me, no one could guess what these two movies are. Did someone say Barbenheimer? Fiddle-sticks.

Introduction

Every software engineer thinks they can roll out their own cryptography solution. I mean, I’m the only one who has thought up the idea to hash my database password column with a rot-13 cipher after a "SUPER SECRET WORD" to salt the passwords first, right? Right? Every cryptography course tells you not to do this, but my code is impenetrable, isn’t it? Let’s see how impenetrable it really is. If you’re a fan of magic shows, cryptography walks you down a path where you watch a magic show that leaves you traumatised about the internet and websites you use every day.

Why should you listen to this talk?

Have you ever sat through an interview where someone asked you how public-private key encryption works? Have you heard the term “Diffie-Hellman” and wondered what sort of spider-web of mathematical expressions you need to memorise to understand this? This talk takes you through the avenues of cryptography, through my experience learning about it through the Matasano cryptopals.com challenges, as well as reading through daunting textbooks on the subject to try and understand a little bit of what is going on. You will learn how to take cryptography seriously, and how you can use Python to work through some small cryptography challenges, and implement some well-known cryptography algorithms. Of course, you will also learn why you should not do this. And at the end, if you dare, it will be time to try and guess the key used to hash something from the audience.

What format do you have in mind for your talk?

Talk

Table of contents

What domain would you say your talk falls under?

Web Dev

Duration in minutes (including Q&A)

45

Prerequisites

Speaker bio

I'm Vinay Keerthi and I work as a Team Lead at ChainSafe Systems where I work with distributed technology and cryptography. I've spoken at PyCon India before, about MicroPython (and my voice-controlled bookshelf), and I'm a regular at BangPypers, having spoken about Flask, MicroPython, Web Application Security and PostgreSQL.

I've previously worked at Flipkart and Visa Inc, where I've built tools and applications for developer productivity. I'm a DIY enthusiast and build my own mechanical keyboards and tools.

I write at stonecharioteer.com, about software, career advice and general life happenings.

The talk/workshop speaker agrees to

RiteshAgrawal commented 12 months ago

Hi @stonecharioteer, will you be able to present this for the Aug meetup (19th Aug)? If yes, please attach your headshot for the poster banner.

stonecharioteer commented 12 months ago

Hey @RiteshAgrawal next month, just before PyCon would be better. I'd need more time to prepare the talk.

anistark commented 9 months ago

@stonecharioteer Would you be willing to do this session at the Nov 25th meetup?

anistark commented 8 months ago

@stonecharioteer Gentle reminder to confirm.

anistark commented 7 months ago

No response. Closing it.