A Retrospective on the Use of Export Cryptography

Explore the impact of export-grade cryptography on TLS security in this 51-minute Black Hat conference talk. Delve into the technical details and historical background of three major vulnerabilities—FREAK, Logjam, and Drown—that affected up to 37% of browser-trusted HTTPS servers in 2015. Examine recent vulnerability measurement data from Internet-wide scans, revealing the current state of affected servers. Investigate the reasons behind these vulnerabilities, the consequences of including weakened cryptography in protocols, and learn best practices for designing and implementing secure cryptographic protocols. Gain insights from the speaker's firsthand experience in discovering these export vulnerabilities, and understand the lessons learned from measuring and analyzing export cryptography. Receive recommendations for both technologists and policymakers, and explore the historical context of the current "going dark" and Apple vs. FBI debate.

A Retrospective on the Use of Export Cryptography