How to Use Java Cryptography API Securely

Mansi Sheth, Security Researcher, Veracode Inc

Are you overwhelmed by the overabundance of choices provided by the Java Cryptography API when choosing an encryption algorithm? Are you on top of all the latest happenings in cryptographic communities and know which cryptographic primitives can be broken and how? Due to time constraints, do you find yourself copy/pasting from the internet, hoping and praying that it’s secured? If any of your answers are “yes,” come to this session. It goes over all cryptographic primitive: RNGs, encryption/decryption algorithms, HMACs, and so on. The presentation points out areas that require careful attention, helps you make correct algorithmic and keying material choices, and provides plenty of code examples showing correct and incorrect usages.