Encryption is a core component to security and a product of strong cryptography. What should you know as a casual user of the Internet, digital wallets or as an application developer.
Automating Google Workspace (GWS) & more with Apps Script
Encryption Basics Everyone Should Know
1. E N C R Y P T I O N B A S I C S
E V E R Y O N E S H O U L D K N O W
2. F I R S T R U L E O F
C R Y P T O :
D O N ' T R O L L Y O U R
O W N C R Y P T O
2@NOTTRUPPI | @PAYDROPINC
3. B A D E X A M P L E S
• AT&T’s Clipper Chip
• BassOmatic
• Telegram’s MTProto
• Crown Sterling
@NOTTRUPPI | @PAYDROPINC 3
4. A D D I T I O N A L R U L E S
• Encryption is not the answer to security
• Cryptography is not easy
• Cryptography is not cheap
@NOTTRUPPI | @PAYDROPINC 4
5. T H E R E A L I T Y
• Algorithms will be broken
• The time from acceptance to deprecation is shrinking
• Be thoughtful how the cryptography is applied to your system
@NOTTRUPPI | @PAYDROPINC 5
6. E X T I N C T I O N
• RC2/RC4
• (X)DES
• SHA-1
• MD2/MD4/MD5
• RSA < 1024bits
• ECDSA - 160bits
• SSL
@NOTTRUPPI | @PAYDROPINC 6
7. A P P L I E D C R Y P T O G R A P H Y
• Encryption in transit (SSL, TLS)
• Encryption at rest
• Digital certificates
• Digital wallets
• Hashes (MD5, SHA)
• Seeds
• Sharding (Shamir’s Secret Sharing)
• Symmetric encryption (AES)
• Asymmetric encryption (ElGamal)
• Hybrid (symmetric & asymmetric)
• Public-key cryptography (Wallets, ECC)
• Algorithms
• Random number generation
• Multi-signature
• Multi-party computation
@NOTTRUPPI | @PAYDROPINC 7
8. T H E C R Y P T O O F C R Y P T O
• Random number generators
• Key ceremonies
• Hashing (BTC SHA-256)
• Digital signatures
• Multi-signature
• Multi-party computation
• Mix networks
@NOTTRUPPI | @PAYDROPINC 8
9. H O W T O R E D U C E R I S K
• All device encryption
• VPNs all the time
• Encrypted applications (messaging, voice)
• Multi-signature wallets
• Use applications compatible with TPM
• Physical hardware keys
@NOTTRUPPI | @PAYDROPINC 9
10. R E S O U R C E S
• Cryptocurrency Security Standard (CCSS)
• Digital Asset Custody Standard (DACS)
• NIST 800-175B
• NIST FIPS 140-2
• NIST 800-90A
@NOTTRUPPI | @PAYDROPINC 10
11. T H A N K YO U
JASON TRUPPI
@NotTruppi | @Paydropinc