Everything you need to know about cryptography in 1 hour

Cryptography is hard. It usually takes many years of study before it is possible to make any serious contribution to the field; and even expert cryptographers often have flaws discovered in their work.

However, merely using cryptography requires far less expertise. In this talk, I will cover everything most software developers will ever need to know about cryptography -- starting from the very beginning -- along with (time allowing) some of the reasons behind the recommendations I provide.

Specific topics covered will include symmetric vs. asymmetric encryption; symmetric vs. asymmetric signatures; block ciphers; block cipher modes; key lengths; message authentication codes; hash algorithms; password handling; padding for asymmetric encryption; padding for asymmetric signing; Diffie-Hellman groups; and side channel attacks. Specific attacks will be discussed only to the extent of mentioning that they exist and explaining how cryptography-using systems should be designed to thwart them.

Colin Percival


What a waste of an hour.

What a waste of an hour. Everything you need to know, it was more about "I am smarter than you, and I am not going to tell you why". The speaker also tries to be funny. It doesn't work. Don't try it.

A bit cowardly

That's a bit cowardly to take a cheap shot like that in an anonymous post. I've watched Colin's talk and I didn't feel the same way. He did point out mistakes organizations had made with cryptography which perhaps someone insecure and immature might feel as what you allege. I for one thank him for taking time to volunteer his time and share knowledge.

I felt compelled to delete your comment, but that's not our way here. Besides that, you know what they say about arguing on the internet...

Everyone's a winner?

Everyone's a winner?

if only it weren't a flash

if only it weren't a flash video... my macbook sounds like the fans might take it to the moon.

There's an ogg

There's an ogg (theora/vorbis) version too. This is the format we record in actually.

If you've hosted a huge amount of video, you'll get why we use a video hosting solution. The unfortunate reality is that right now almost every video hosting provider makes flash much easier than anything else.

We are moving to a new solution in the next year which should make everyone happy. It doesn't come without an increase in financial cost for hosting/bandwidth, so any support people might be willing to offer is very much appreciated. We are a non-profit and must run at break-even. Contact events at fosslc dot org if you're interested in supporting us. Thank you.

You'll likely find a cooling pad helps keep your fan speed low.

I concur with first poster: a

I concur with first poster: a total waste of your time. You're better off just spending that hour reading Applied Cryptography.

The guy is very clever, and I

The guy is very clever, and I enjoyed his sarcasm.  Very interesting talk.

Very good

The title should have been "Everything you need to know about choosing and implementing cryptographic solutions in 1 hour", but apart from this it is a very good presentation!


What's up with your website's

What's up with your website's layout? I'm using Maxthon to browse your site and the whole layout is messed up, though it works fine when I use Firefox.

Sorry, we don't know... none

Sorry, we don't know... none of us use Maxthon - looks like an interesting browser though. If I had to guess, it seems likely it isn't rendering properly. IE/Firefox/Chrome and others seem to handle our site fine. Hopefully it will one day.

And we cleaned up the spam links you added in your comment. Nice try.