Software with cryptographic features is, more often than not, written by
people with only limited knowledge of the cryptographic primitives they
use. This gives rise to a class of bugs I call 'crypto bugs', an area in
which I have some expertise and on which I'd like to pontificate in this
talk.
Specifically, in this talk I will shine a torchlight into the
following areas:
- Pseudorandomness and how screwing it up will break your code
- 1001 - ε ways to screw up RSA signatures and their verification
- Side-channel attacks are for real: breaking virtualization and AES
- What you never wanted to hear about ciphers - I'm telling you anyway
This talk will be purely offensive in nature. No explicit hints will be
given as to how to fix things - go buy a copy of Niels and Bruce's
"Practical Cryptography" for starters if you're into that area.