RSA 2017 San Francisco

It’s RSA conference time.  In the 21st century this is yet another fairly large, fairly loud security trade show.  It is — psst don’t tell anyone — also a crypto conference.  However, here in the 21st century, we apparently have to not only wonder about the next big crypto thing, we have to worry about bad crypto out there in the wild.  40-bit Crypto-1 keys in Mifare cards.  AES in CBC mode in cases that definitely should be using GCM.  Vendors shouting “we use AES!” – for their homebrew IoT protocol they think nobody’s going to attack.  RSA keys used in the most amazing variety of malformed, ill-conceived, and poorly deployed TLS certificates.

Yeah, I’m headed to the show floor.  Even though I’m often dealing with pre-quantum cryptography and not this week’s swoopy-cool mathematics.  After all, the show floor will be full of vendors claiming to deliver brighter white packets from bigger blacker boxes.  Only a few of them actually do crypto.