Web crypto talk at Yahoo Security Week

On June 9, I’ll be giving a talk on web crypto flaws at Yahoo Security Week. The talk is titled “When Crypto Attacks!” and will go into ways cryptography has been misapplied to solving web application problems. You can get a flavor for the talk by reviewing these recent posts.

I also wanted to mention another high-level API that is pretty good: Peter Gutmann’s cryptlib. It provides a simple API with a lot of internal validation of parameters and state. For example, you can’t send messages in the wrong order and keys have types associated with them.

If you are a Yahoo employee, you can attend the talk. For everyone else, I will post slides here afterwards.