WebHack #11 Using Cryptography Safely
Organizing : https://webhack.connpass.com/
Free Admission + Dinner (self-paid)
Using Cryptography Safely
Web apps are using cryptography very often nowadays, but still this is not a simple task. As shown, a whopping 87% of Android apps and 80% of iOS apps analyzed by Veracode were found to have cryptographic issues.
If you're using your language's standard library to encrypt something, you'll suddenly find yourself grappling with arcane choices. Should you use CFB, CBC, CTR or ECB? Should you use PKCS#7 padding? What is an IV and how do you set it's value?
These little choices can easily break your cryptography entirely, even you've chosen a strong cipher. Turning to the web for help, won't save you either. Unfortunately, Stack Overflow answers, blog articles and tutorials are still full of mistakes and bad advice.
There are some good news, though. You can understand how encryption works without understanding all the math behind it. This talk will try to unlock the meaning behind all these confusing terms and help you learn new ideas and write safer code in the same time.
Boaz Yaniv is Software Architect who is passionate about security and cryptography. Linguist and Humanities specialist by training, he found himself working on authentication solutions - first for the Israeli government then for Rakuten, Inc. in Japan - and add to learn a lot about cryptography in the process.
Lightning talk: Overview of JSON Object Signing and Encryption (JOSE)
JSON Object Signing and Encryption (JOSE) WG in IETF standardized mechanism for integrity protection (signature and MAC) and encryption as well as the format for keys and algorithm identifiers to support interoperability of security services for protocols that use the JSON.
There are specifications such as JSON Web Key (JWK), JSON Web Signature (JWS) and JSON Web Encryption (JWE) in JOSE WG. This lightning talk will introduce overview of them.
Masaru Kurahayashi(@kura_lab) is Authentication Technology kuro-obi(黒帯) and CISO-Board in Yahoo! Japan Corporation. He is an engineer and responsible for Identity federation systems such as OAuth and OpenID Connect provided by Yahoo! JAPAN. Also, He works for OpenID Foundation Japan as an evangelist for about four years.
- 19:00-19:10 Registration
- 19:10-20:00 Presentation from Mr. Boaz Yaniv
- 20:00-20:10 Q&A
- 20:10-20:20 Talk from Mr. Masaru Kurahayashi
- 20:30-22:00 Dinner
Tech Meetup WebHack would like to express the special thanks of gratitude to Yahoo! JAPAN who provide the wonderful venue.
Media View all Media
If you've ever wondered what an https://bitquant.capital/blog/automated-market-maker-what-is-amm/ automated market maker does, this article will help you understand the concept. A market maker is a computer program that makes trades on exchanges on your behalf. These programs usually work by decentralizing the process and letting anyone create a market on the blockchain. A market maker is also known as an exchange's order book. Let's look at a few ways that an automated market maker might help you make trades.
You may have noticed some familiar patterns https://goodcrypto.app/chart-patterns-for-crypto-trading-trading-patterns-explained/ on trading chart patterns. These patterns are usually formed from the upward and downward trend lines meeting. If your stock is trending upward and down, you may see a Bull Flag or a Bear Flag. A bear flag is a bearish market, with a downward breakout. Traders can short the stock to accelerate its depreciation. You can also use symmetrical triangles to trade against a downward trend.