To view a recording of this session Get Adobe Flash player

Prof. dr. Dan J. BernsteinD. J. Bernstein

Daniel J. Bernstein (aka djb) is a professor at the University of Illinois at Chicago, a mathematician, cryptologist, and programmer. He is the author of some of the Internet's most secure applications such as qmail,  djbdns and publicfile.

In March 1997, Dan offered $500 to the first person to publish a verifiable security hole in qmail. In November 2007, the security guarantee was increased to $1000 in the intriguing paper Some thoughts on security after ten years of qmail 1.0. This paper reflects on software engineering techniques that help progress towards invulnerable systems. To date, no security hole has been found in qmail and the prize remains unclaimed. So does $1000 that was similarly offered for djbdns. When Dan Kaminsky disclosed the DNS protocol design flaw in July 2008, he emphatically commended Dan Bernstein for his foresight and excellent systems engineering sense.

In August 2008, Bernstein announced DNSCurve, a proposal to secure the Domain Name System. DNSCurve uses techniques from elliptic curve cryptography to give a vast decrease in computational time over the RSA public-key algorithm used by DNSSEC, and uses the existing DNS hierarchy to propagate trust by embedding public keys into specially formatted (but backward-compatible) DNS records.

Bernstein brought the court case Bernstein v. United States in 1995. This led to the court declaring in 1999 that software is protected speech under the First Amendment, and overturning US restrictions on encryption software.


description

Cryptography worst practices

Learning objectives

understand how and why cryptography fails in the real world.

Overview

Cryptography promises to protect the security of communications, but in fact it has failed again and again to meet this promise, and in some cases it has made security even worse. This lecture is a cryptographic horror show, with an emphasis on interesting recent examples.

Partners:

Solvay Brussels School of Economics and Management Katholieke Universiteit Leuven

Affiliated organizations:

OWASP NESSoS iMinds
Creative Commons

Contents of the secappdev.org website are licensed under a Creative Commons Attribution-NonCommercial 3.0 License.