Cryptography Isn't Scary
The contents here are created from the official CascadiaJS page.
Overview
- name: Eddie Zaneski
- Speaker Page
Abstract
Cryptography isn't scary, it's fun! Join for a crash course in modern cryptography. Learn what's available in Node and the browser along with how we are securing the software supply chain.
Notes
Notes by aminamos
- symmetric, asymmetric, one-way functions, pseudorandom number generators
- RSA
- time to phase this out
- prime factorization
- modular arithmetic is a one-way function
- ECC elliptic curve cryptography
- allows shorter key lengths but more security
- DHKE
- web crypto API https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API
- SubtleCrypto https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API
- Dual_EC_DRBG https://en.wikipedia.org/wiki/Dual_EC_DRBG
- Sigstore - Let's Encrypt for signing
- works at Chainguard, using Kubernetes
- don't roll your own cryptography
- RSA isn't the bee's knees anymore
Modular Arithmetic
- "one way door"
Elliptic Curve Cryptography
- also a one-way door. AFAIK it's the backbone of blockchain
- y^2 = x^2 + ax + b
- used in the generation of a public and a private key
Diffie Hellman Key Exchange
- import crypto from 'node:crypto'
- Sample Diffie Hellman Key Exchange code sample...
- getRandomValues(TypedArray), randomUUID(), subtle
- Why subtle? Easy to shoot yourself in the foot.
NSA's cryptography function scandal
- Dual_EC_DRBG
- requires usage of P and Q
- NSA knows e?
- OSS
- Let's Encrypt for signing
- Fulcio: keyless signing
- Rekor: transparency log
- Cosign: Container signing
- A tool for signing and verifying npm packages
npm RFC 626: linking packages to source and build
- proof of where package was built
Presentation Notes
- full of nice gif memes.
- Recommends the Computerphile YouTube channel.
Notes by kevin
- disclaimer: don't try this at home
symmetric keys: everyone has the key
asymmetric keys (public key cryptography): only share the public key
one-way functions: hard to reverse the operation
pseudorandom number generators: sources of entropy
RSA
- great when it came out, not recommended anymore
modular arithmetic
- % operator in JavaScript
elliptic curve cryptography (ECC)
why ECC
- RSA needed to increase the bit length to make it stronger
- ECC scales better
Diffie Hellman key exchange
- agree on a symmetric key over an insecure channel
- e.g. SSH
Web Crypto API
- built into the browser
NSA backdoor
- pseudorandom number generator that is broken by design
- believed that the NSA has a backdoor
Sigstore
- new standard for signing, verifying, and protecting software
- Let's Encrypt for signing