PyCon Pittsburgh. April 15-23, 2020.

Tutorial: Correct Cryptography in Python, a Tutorial for Cryptography Beginners

Presented by:

Ellie Daw, Seth James Nielson

Description

Cryptography is commonplace in technology today, from storing passwords in application development to checksums for downloadable content, it is paramount that cryptography is implemented correctly. Unfortunately, Cryptography is very easy to get wrong and very difficult to get right.

In this tutorial, we will show how to use a number of common cryptographic primitives, but we will also work through examples of breaking misconfigured/misunderstood cryptography in class. We will start with simple hash functions, work through symmetric and asymmetric cryptography, and talk about how these mechanisms are combined in common protocols, such as TLS and Kerberos. As we walk through all of the interesting ways in which cryptographic technologies have been misused or proven exploitable, the attendee will gain a greater appreciation for how fragile these kinds of operations really are.

Attendees will walk out of this workshop with foundational cryptography knowledge that will enable them to practice and experiment with cryptography, write scripts for testing/analyzing cryptographic deployments, and the ability to better understand the cryptographic world around them. While this course will emphasize all the reasons why beginners should not be using ANYTHING we teach in production code, it will enable the learner to improve their understanding and ability to interact with cryptographic systems.