Change the future

Saturday 4:15 p.m.–5 p.m.

Crypto 101

Laurens Van Houtven

Audience level:
Best Practices/Patterns


An introduction to applied cryptography and information security suitable for programmers of all ages and skill levels.


Cryptography is a tricky subject.

There's an infinitude of ways to get it wrong, but there's only a few ways to get it right. Failures are usually silent, and only evident once it's too late.

This talk will touch on basic cryptographic primitives and tools: just enough to know what they do, when and why you'd want them, and just enough to satisfy basic curiosity.


At the end of this talk, attendees should know how to use the available cryptographic tools to build larger systems that involve cryptography. They should also have some basic understanding of how some common systems compare, and also a sense for detecting and exposing snake oil.

People won't leave the room as newly minted cryptographers, but I hope they'll leave a lot less likely to shoot themselves in the foot.

Target audience

This talk is aimed at programmers of any skill level that lack crypto chops.


  • One time pads
  • Block ciphers
  • Stream ciphers
  • Diffe-Hellman key exchange
  • Hash functions
  • Password Storage
  • Message authentication
  • Asymmetric encryption algorithms
  • Putting it all together: a high-level walk-through of TLS

While going through these subjects, I'll touch on several kinds of attacks, illustrated by practical example:

  • Replay attacks
  • Extension attacks
  • Man-in-the-middle attacks
  • Chain of trust issues

If I have additional time (which I doubt), I will cover timing attacks and how they pop up in practice.