Navigating Cryptographic Inventories: Challenges, Real-Time Insights, and Defense in Depth (Q02b)
Cryptographic inventories enable organizations to identify cryptographic algorithms, protocols, and libraries used within their networks. Ideally, they would provide an easy-to-understand list of cryptographic assets, but in practice, they often fall short.
This talk explores the challenges of cryptographic inventories, such as static snapshots that fail to capture real-time encryption negotiations and that overlook implementation flaws, timing attacks, and poor key management. A defense-in-depth strategy is proposed, emphasizing diversified security measures to minimize single points of failure. This layered approach enhances resilience against attacks and addresses evolving digital threats, including post-quantum security.