[c¼h] Härtere Crypto für unsere Services

Last Thursday I gave a talk (in German) in our local Chaostreff in Heidelberg — the NoName e.V. The main topic was to introduce the various cryptographic algorithms used in modern cryptography and to give practical advice how to improve the default configuration even further. The talk mainly focuses on openssl ciphers and TLS connections as well as the settings applicable to the openssh server and client applications.

As usual you can find the slides attached below. Furthermore thanks to the camera, which NoName e.V. bought some time ago, there is a recording of the talk available on youtube.


In my talk I got the purpose of MAC codes a little confused. I argue that a MAC is required in order to prevent a plaintext recovery attack by using forged ciphertext. That is not quite true, however. The main purpose is simply to provide integrity for the connection. A good discussion why it is nevertheless a good idea to use Encrypt-then-MAC can be found on StackExchange Cryptography.

[c¼h] Vortrag: Härtere Crypto für unsere Services