HITB Lab: Breaking Bad Crypto

Learn cryptography, or at least why you should stay away from it, the fun way! By breaking some yourself, live.

We will take a piece of real-world cryptography, the Vimeo/Flickr 2009 API authentication scheme, tear it to pieces, study how each of them works, break its designers’ assumptions and use the capabilities we gain to craft completely arbitrary API calls for a victim user.

The session is 100% hands-on, with very little material (basically just old API docs, a target server reimplementation, and some client boilerplate). I’ll explain the crypto and attack basics and then proceed to code the exploit live, along with the audience, stopping often to analyze and compare outputs and milestones.

No slides, just cold hard code and data produced along the way. No cryptography experience needed at all. Bring your laptop and Python chops.

Location: Track 3 / HITB Labs Date: May 28, 2015 Time: 4:30 pm - 6:30 pm Filippo Valsorda Download Presentation Materials