Crypt-Oh No!

Zach Grace (1=1--)

Speaker Bio

Zach is a principal security engineer at Northwestern Mutual. He has worked in offensive security for the last seven years, focusing on securing financial institutions. Zach is also the creator of the open-source security projects changeme and Sticky Keys Hunter.
Previous Speaking:
DerbyCon 6 – Better Network Defense, DerbyCon 7 – changeme default credential scanner, B-Sides Chicago – Pen Testing is Broken, CheddarCon – Password Cracking, InfraGard SuperCon


The security community hasn’t done a great job of making it easy for developers to choose the right algorithms and ciphers for their applications. Even when the right crypto primitives are chosen, subtle programming mistakes can undermine the efficacy of the encryption. This presentation is aimed at helping developers avoid common cryptography pitfalls when encrypting sensitive data by giving guidance on what algorithms to choose and identifying common implementation issues observed in real-world applications.