Wolf Rentzsch tries to scare Andrew Pontious with all the decisions you’re likely to get wrong when implementing a cryptographic system and gives some advice on how to cope. (To skip the beginning infodump, start at 7:50.)

Links:

• All the crypto code you’ve ever written is probably broken « bascule
• Block cipher mode of operation, Electronic codebook (ECB) « Wikipedia
• Padding oracle attacks: in depth « SkullSecurity
• Block cipher mode of operation, Counter (CTR) « Wikipedia
• Message authentication code « Wikipedia
• SHA-1 « Wikipedia
• Don’t Hash Secrets « benlog via Wayback Machine
• Everything you need to know about hash length extension attacks « SkullSecurity
• Matthew Green (matthew_d_green) « Twitter
• A Few Thoughts on Cryptographic Engineering
• Crypto APIs « USENIX
• Applied Cryptography by Bruce Schneier « Schneier on Security
• In defense of Applied Cryptography « A Few Thoughts on Cryptographic Engineering
• Cryptography Engineering: Design Principles and Practical Applications, by Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno « Amazon.com
• Some SecureRandom Thoughts « Android Developers Blog
• OpenSSL: The Open Source toolkit for SSL/TLS
• OpenSSL Fact (OpenSSLFact) « Twitter
• NaCl: Networking and Cryptography library
• Introducing Sodium, a new Cryptographic Library « Umbrella Security Labs
• Keyczar
• Libraries « GnuPG.org
• Security Transforms Programming Guide: About Security Transforms
• How To Safely Store A Password « codahale.com
• Applied Cryptography Engineering « Quarrelsome

Rejected Episode Titles:

• I Don’t Know What That Is
• One of the Dense Shows
• I’m Butchering His Name, But I’ll Put a Link In
• All the Crypto Code You’ve Ever Written Is Probably Broken
• The Newish Hotness
• That Has the Word “Secure” in It
• Their Internal Bit Blender State
• The Point Is: You Probably Wouldn’t Get This Right
• I Want to Have Some HotSec
• The Thrust of What This Episode is About
• We’re Domain Tourists
• I Don’t Want This to Devolve into the Grep Thing
• The Methodology of Test and Fix
• It’s Like Tech Journalism
• I’m So Hipster, I Had the Blue Cover Book
• My Personal Rebellious Story Against the State, Man
• All Sorts of Feelings of Power There
• As Much As You Can Steal a Non-Physical Item, Which Is, I Guess, a Point of Philosophy
• It Took the Money Incentive
• Misused by People Like Me
• If You Want to Be a White Hat, You Can
• Let Me Tell You, It’s Not a Friendly API Whatsoever
• All Shipping Code Has Bodies Buried in There
• You Should See This Build System, Man, It’s Crazy
• I’m Wrong About Some of the Stuff You’ve Listened To
• A Mindset That Goes Well with This Podcast
• Another Joe Programmer Who’s Pissed Off