Last Thursday I gave a talk (in German) in our local
Chaostreff in Heidelberg — the
NoName e.V. The main topic was to introduce
the various cryptographic algorithms used in modern cryptography and to
give practical advice how to improve the default configuration even
further. The talk mainly focuses on openssl ciphers and TLS
connections as well as the settings applicable to the openssh server
and client applications.
As usual you can find the slides attached below. Furthermore thanks to
the camera, which NoName e.V. bought some time ago, there is a recording
of the talk available on youtube.
Corrections
In my talk I got the purpose of MAC codes a little confused. I argue
that a MAC is required in order to prevent a plaintext recovery attack
by using forged ciphertext. That is not quite true, however. The main
purpose is simply to provide integrity for the connection. A good
discussion why it is nevertheless a good idea to use Encrypt-then-MAC
can be found on
StackExchange Cryptography.
