Overview of Open-Source Cryptography Vulnerabilities (S31a)
This talk will review the foundations of cryptographic vulnerabilities in open-source software from a penetration tester’s perspective, across multiple public cryptography audit reports. It will discuss which past attacks took advantage of these cryptography vulnerabilities and what the consequences were. The talk will also examine how open-source software has been updated over time to mitigate these cryptography flaws and how successful these mitigations may have been. Finally, it will present some thoughts on areas that could be the focus of future cryptography vulnerabilities in open-source applications.