Fantastic Crypto Bugs and Where to Find Them
I was invited to present at the Open Source Cryptography Workshop, part of Real World Crypto 2023 in Tokyo.
The organizers proposed that I demonstrate how to find crypto bugs in open source software, live on stage! I said yes immediately, couldn't resist the opportunity for some fun. Plus, who would turn down a chance to visit Tokyo?
Here is the slides deck, hope you’d enjoy it:
https://docs.google.com/presentation/d/1gMvkF-Tew1H9oF3Lh2IeQpOkk3bzSpE_TUj00hoztBE
Although it may seem elementary, we did discover several bugs during our live demo. Interestingly, someone later revealed to me a padding oracle bug in a rather important chat app, which proves the effectiveness of the approach.
Drop me a line if you find any bugs!
PS: The presentation was my last project as a Google employee. Crypto brought me to Google, I thought it’s quite neat to end this unforgettable chapter of my life with a crypto project.