If It Ain't Broken, Do Fix It
Matteo Scarlata and Kien Tuong Truong
Security is hard. Modern programming languages help us with memory and type safety, but even with bleeding-edge frameworks and libraries, *getting your crypto right remains hard*.
We will take a look at recent cryptographic breaks in **Matrix**, **Threema**, **Bridgefy** and **Mega**, explore modern cryptographic best practices and why they matter, see what makes **TLS 1.3** special, and discuss how to get to a more secure world together!
This talk is a primer on modern cryptographic best practices, supported by examples of recent breaks and vulnerability disclosures.
With cryptographic failures showing up every other day in security news, and placing #2 in the "OWASP Top 10" web application security list, we want to show why apparently innocuous mistakes can make things go disastrously wrong.
We plan to dedicate part of the talk to open discussion, gathering feedback from developers and maintainers of open source cryptography, with the long-term plan of building a high-level cryptographic library that should make developing new cryptographic protocols easier and more secure.