143: Symmetric and Asymmetric Encryption with Scott Arciszewski
Three Devs and a Maybe
English - February 06, 2018 18:00 - 31.2 MB - ★★★★★ - 11 ratingsTechnology Education Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
In this weeks episode we are lucky to be joined again by Scott Arciszewski.
We start off the show by discussing the difference between Symmetric and Asymmetric Encryption, what Authenticated Encryption is and how secret-keys are exchanged using Diffie-Hellman.
From here, we move on to highlight how Elliptic-curve cryptography works, what DNSCrypt is and why prime numbers are so important in cryptography.
Finally, we touch upon multi-factor authentication, how one time passwords work, SMS vulnerabilities and how to manage password recovery.
In this weeks episode we are lucky to be joined again by Scott Arciszewski.
We start off the show by discussing the difference between Symmetric and Asymmetric Encryption, what Authenticated Encryption is and how secret-keys are exchanged using Diffie-Hellman.
From here, we move on to highlight how Elliptic-curve cryptography works, what DNSCrypt is and why prime numbers are so important in cryptography.
Finally, we touch upon multi-factor authentication, how one time passwords work, SMS vulnerabilities and how to manage password recovery.
Show Links
Scott Arciszewski on Twitter
You Wouldn’t Base64 a Password - Cryptography Decoded - Paragon Initiative Enterprises Blog
Sealed boxes - libsodium
Diffie-Hellman Key Exchange - YouTube
The Padding Oracle Attack - why crypto is terrifying
paragonie/EasyRSA - Simple and Secure Wrapper for phpseclib
Can you explain Bleichenbacher’s CCA attack on PKCS#1 v1.5?
ZF2015-10 - Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey
Why should I use Authenticated Encryption instead of just encryption? - Cryptography Stack Exchange
defuse/php-encryption - Simple Encryption in PHP.
paragonie/paseto - Platform-Agnostic Security Tokens
Trapdoor functions
Discrete Logarithm Problem
Practical Invalid Curve Attacks
DNS Security with DNSCrypt - OpenDNS
Public key infrastructure
How I exploited ACME TLS-SNI-01 issuing Let’s Encrypt SSL-certs for any domain using shared hosting
paragonie/multi_factor - Vendor-Agnostic Two-Factor Authentication
Signal Protocol
Split Tokens - Token-Based Authentication Protocols without Side-Channels - Paragon Initiative Enterprises Blog
paragonie/gpg-mailer - GnuPG-encrypted emails made easy
Email Self-Defense - a guide to fighting surveillance with GnuPG encryption