Security BSides Las Vegas 2025

Introduction to Cryptographic Attacks
2025-08-04, Pearl

Using cryptography is often a subtle practice, and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities that have shown up in the real world, including CVE-2020-0601. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with a tool written in Python to execute the attacks. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if they look interesting but you could use in-person help understanding the attacks. While the workshop is not a strict subset of those challenges, there is significant overlap. The exercises will range from decrypting ciphertext to recovering private keys through public key attacks, allowing us to create TLS certificate private key and SSH private key files.


This workshop will discuss the theory and practice of cryptographic attacks. We start with symmetric key cryptographic attacks, beginning with stream ciphers and how reuse of keystream can lead to exposing the plaintext. From there we move on to other symmetric key attacks.

After the symmetric key attacks, we move on to the public key attacks, which will primarily focus on private key recovery. Attacks on the keys will also include exporting to standard private key files. Many of these attacks can even be relevant to TLS and SSH, as we will discuss.

Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on the implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority, and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given workshops at the Boston Application Security Conference, BSidesLV, DEF CON, and the Crypto and Privacy Village. He now serves on the programming committee of the Crypto and Privacy Village.