University of South Florida
College of Arts and Sciences
Title: How cryptographic security fails in the real world
Speaker: Nadia Heninger, University of Pennsylvania
Place: CMC 118
Cryptography is a cornerstone of modern computer security. After several decades of academic and scientific development, we have a good understanding of how to design provably secure schemes. However, there is a significant gap between our theoretical understanding and the reality present in deployed systems today. In this talk, I will show how algorithmic insights and an Internet-scale view of cryptographic protocols have allowed us to discover several catastrophic security failures in practice. These include the discovery of malfunctioning random number generators, dangerous use of hard-coded parameters that had been widely believed to be harmless, and multiple compromises of deliberately weakened cryptography.