Cryptography Do's and Don'ts in 2021

Explore cryptographic best practices and common pitfalls in this 32-minute conference talk from NorthSec 2021. Gain insights into real-world crypto attacks, learn how to navigate modern cryptography APIs, and understand the latest developments in cryptographic communities. Delve into various cryptographic primitives, including Random Number Generators, Encryption/Decryption algorithms, message authentication codes, digital signatures, and password storage. Discover secure patterns and practices for designing and analyzing cryptographic systems, with a focus on future-proofing applications. Benefit from the expertise of Mansi Sheth, Principal Security Researcher at Veracode Inc., as she shares valuable knowledge for security architects, developers, and practitioners involved in cryptographic application design and auditing.

Intro
Why so many Crypto Failures?
Cryptography Disclaimer
What are we going to talk about today?
What is: Cryptographically Secure Pseudo Random Number Generator (CSPRNG) ?
Dos and Donts Source of Entropy
Authenticated Encryption (AE)
Authenticated Encryption with Associated Data (AEAD)
Dos & Donts
Padding Schemes across implementations
What is a Hash Functions
Hash: Properties/Strength
What is a Message Authentication Code(MAC) ?
Storing Secrets - Dos and Donts
Public Key Cryptography using ECC