GORUCO 2018: Encryption Pitfalls and Workarounds by Melissa Wahnish
Summary
In her talk at GoRuCo 2018, Melissa Wahnish discusses the complexities surrounding the implementation of encryption in software development. As the founder of Ruby Thursday, she utilizes her background as an actor turned developer to inform her audience about the needs and pitfalls associated with encrypting personal data in applications.

The presentation covers several critical aspects of encryption:

- **Understanding Encryption**: Wahnish provides a definition of encryption as a modern cryptography technique that transforms plaintext into ciphertext, concealing information through complex algorithms. She discusses the importance of securing keys using methods like salting and utilizing initialization vectors (IV).
- **Key Considerations**: She emphasizes the need to consider which personal data to encrypt, referencing GDPR's strict guidelines on personal identifiers. The choice between using a single key for the entire application versus unique keys for each record is highlighted, noting the security risks associated with a single key approach.
- **Crypto Tools**: Wahnish reviews two open-source tools: AttrEncrypted and Cryptkeeper. AttrEncrypted is renowned for its extensive options and strong security, suitable for high-stakes applications like banking. Cryptkeeper, while easier to integrate and featuring built-in searching capabilities, relies on a single key, thereby posing security challenges.
- **Case Study**: She shares a practical example from her experience where Cryptkeeper was implemented for a client needing to encrypt user names and emails. Challenges arose when the larger user base caused performance bottlenecks during logins. The situation led her to employ a workaround suggested by the tool's maintainer, creating a unique hash for safer and more efficient user searches.

Wahnish wraps up her presentation by discussing the ongoing balancing act between usability and security in encryption, encouraging her audience to continue exploring this vital aspect of cybersecurity while acknowledging the hurdles it presents.
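
The "unique hash" workaround from the case study can be sketched as a keyed-hash lookup column stored beside the encrypted fields; this is an added Ruby example, not code from the talk, Cryptkeeper or AttrEncrypted. Assumptions: the hash is an HMAC-SHA256 under its own key, the slow path decrypts rows in order to compare them, and `UserStore`, `email_index`, the demo keys and the sample addresses are constructed for illustration.

```ruby
require "openssl"

# Constructed demo keys (assumption); real keys belong in a secret store.
ENC_KEY   = OpenSSL::Digest::SHA256.digest("demo-encryption-key")
INDEX_KEY = OpenSSL::Digest::SHA256.digest("demo-index-key") # separate from ENC_KEY

# AES-256-GCM with a fresh random IV: equal plaintexts give different
# ciphertexts, so the encrypted column itself cannot be searched.
def encrypt_field(plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = ENC_KEY
  iv = cipher.random_iv
  ct = cipher.update(plaintext) + cipher.final
  [iv + cipher.auth_tag + ct].pack("m0") # base64(iv | tag | ciphertext)
end

def decrypt_field(blob)
  raw = blob.unpack1("m0")
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = ENC_KEY
  cipher.iv = raw[0, 12]
  cipher.auth_tag = raw[12, 16]
  (cipher.update(raw[28..-1]) + cipher.final).force_encoding("UTF-8")
end

# Deterministic keyed hash of the normalised email: the searchable column.
def email_index(email)
  OpenSSL::HMAC.hexdigest("SHA256", INDEX_KEY, email.strip.downcase)
end

class UserStore # hypothetical stand-in for the users table
  def initialize
    @by_index = {} # plays the role of a unique DB index on email_index
  end

  def add(name, email)
    idx = email_index(email)
    raise ArgumentError, "email already registered" if @by_index.key?(idx)
    @by_index[idx] = { name: encrypt_field(name), email: encrypt_field(email), email_index: idx }
  end

  # Assumed slow login path: decrypt rows one by one until an email matches.
  def find_by_scan(email)
    @by_index.values.find { |r| decrypt_field(r[:email]).casecmp?(email.strip) }
  end

  # Workaround path: one HMAC and one indexed lookup, no decryption at all.
  def find_by_index(email)
    @by_index[email_index(email)]
  end
end
```

The index column reveals which rows share an email to anyone who can read the table, so its key should be protected like the encryption key and kept distinct from it.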