Deirdre Connolly¹ ²
In TLS in browsers will add ~7KB to each handshake, ~10% slowdown
#realworldcrypto
Instead of achieving transparency by logging what is issued, we issue by logging and get both at once
#realworldcrypto
Next up, 'Private Key Leaks in the Wild: Insights from Certificate Transparency', presented by Guillaume Valadon and Gaëtan Ferry
#realworldcrypto
Next up, 'Self-Auditable Key Transparency at Scale', by Hossein Hafezi
#realworldcrypto
Next up, 'DTLS-SRTP: The Protocol Everyone is Using But Nobody is Checking', presented by Robert Merget
#realworldcrypto
Missing auth checks, vulnerable to network man in the middle, including Webex
#realworldcrypto
Q: Did you look at E2EE real time communication that used sframe as well?
A: MIght've been Zoom, didn't observe any other cases
#realworldcrypto
Next up, 'The widespread popularity of insecure proprietary network encryption in the Android ecosystem', presented by Mona Wang
#realworldcrypto
Chinese mobile apps are encrypting way less
ieeexplore.ieee.org/document/110...
#realworldcrypto
WireWatch: Measuring the Secur...
WireWatch: Measuring the Secur...
Keyboards, browsers, analytics, ads, device data, etc— all fucked
#realworldcrypto
"I can't sleep, knowing what I've seen"
#realworldcrypto
None of the schemes tried to provide cryptographic integrity or
authenticity, except for MMTLS
#realworldcrypto
Next up, 'Lessons Learned from Cryptography Shortcuts on the Example of TLS Session Tickets', presented by Sven Hebrok
#realworldcrypto
Active impersonation of resumption possible in TLS 1.2 and 1.3
#realworldcrypto
Attacks were known in theory, many implementations vulnerable after years
#realworldcrypto
Vulns happened due to API design and changes over time, easy to misuse
#realworldcrypto
Protocol design: session ticket encryption key is freely chosen by the server, not auditable; all other keys in TLS are either asymmetric crypto or derived via a KDF from the key exchange
#realworldcrypto
