Footguns and factorisation: how to make users of your cryptographic library successful

Cryptography forms the backbone of how we use information securely online, yet most developers have no more than a surface-level understanding of it.

Shannon's maxim states that "one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them". Open source turns that assumption into a literal condition for cryptography: the open source cryptographic libraries that handle a huge proportion of the internet's data, both in flight and at rest, are fully visible to anyone who cares to read them.

Developers place a lot of trust in the authors of these libraries to get the cryptography engineering right.

But when basic usability issues lead developers to use these libraries incorrectly, that trust and the painstaking cryptography engineering behind it can be for naught. Worse still, developers often believe that what they have built on top of these libraries is secure, when in fact their use of the library has made it insecure.

In this talk, attendees will learn:

  1. What research says about how the usability of cryptographic libraries affects the ability of their users to deliver code that handles data securely
  2. What common usability traps open source cryptography projects fall into
  3. How the authors, maintainers, and communities around open source cryptographic libraries can make their users successful