Symmetric and Asymmetric Encryption with Scott Arciszewski
In this week's episode we are lucky to be joined again by Scott Arciszewski. We start off the show by discussing the difference between symmetric and asymmetric encryption, what authenticated encryption is and how secret keys are exchanged using Diffie-Hellman. From here, we move on to highlight how elliptic-curve cryptography works, what DNSCrypt is and why prime numbers are so important in cryptography. Finally, we touch upon multi-factor authentication, how one-time passwords work, SMS vulnerabilities and how to manage password recovery.
Show Links
- Scott Arciszewski on Twitter
- You Wouldn’t Base64 a Password - Cryptography Decoded - Paragon Initiative Enterprises Blog
- Sealed boxes - libsodium
- Diffie-Hellman Key Exchange - YouTube
- The Padding Oracle Attack - why crypto is terrifying
- paragonie/EasyRSA - Simple and Secure Wrapper for phpseclib
- Can you explain Bleichenbacher’s CCA attack on PKCS#1 v1.5?
- ZF2015-10 - Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey
- Why should I use Authenticated Encryption instead of just encryption? - Cryptography Stack Exchange
- defuse/php-encryption - Simple Encryption in PHP.
- paragonie/paseto - Platform-Agnostic Security Tokens
- Trapdoor functions
- Discrete Logarithm Problem
- Practical Invalid Curve Attacks
- DNS Security with DNSCrypt - OpenDNS
- Public key infrastructure
- How I exploited ACME TLS-SNI-01 issuing Let’s Encrypt SSL-certs for any domain using shared hosting
- paragonie/multi_factor - Vendor-Agnostic Two-Factor Authentication
- Signal Protocol
- Split Tokens - Token-Based Authentication Protocols without Side-Channels - Paragon Initiative Enterprises Blog
- paragonie/gpg-mailer - GnuPG-encrypted emails made easy
- Email Self-Defense - a guide to fighting surveillance with GnuPG encryption