Now back in HD: the CloudFlare Cryptography Meetup series. A while back, CloudFlare hosted a pair of Meetups focused on encryption and cryptographic technology. Now that CloudFlare HQ has moved into our beautiful new home at 101 Townsend in San Francisco, we’ve decided to bring the crypto back.
In this series, we’ve invited experts from academia and industry to talk about the cryptographic protocols they are working on and to share experiences around deploying cryptographic applications in the real world. This is the place to geek out on crypto!
These talks are intended to explore interesting new crypto topics in an accessible way. They aim to be informative and thought-provoking, and practical examples are encouraged.
We’ll start the evening at 6:00 p.m. with time for networking, followed by short talks from leading experts. Pizza and beer are provided!
Whether you're a cryptography hobbyist, an industry expert or just interested in the subject, come visit CloudFlare’s world headquarters at 6:00 p.m. on April 21st. RSVP here on Meetup.com.
The confirmed speakers for April 21st are Brian Warner, Zakir Durumeric and Amine Kamel.
"magic-wormhole" is a simple tool to move files from one computer to another, like "scp" but without the setup. By telling the recipient just a few secret words, the file is safely encrypted and delivered directly to the correct machine. The talk will explain the security mechanics, the cryptography (NaCl and SPAKE2), and how to use the underlying open-source library in your own applications.
Brian Warner is a security engineer and software developer, having worked at Mozilla on Firefox Sync, the Add-On SDK, and Persona. He is co-founder of the Tahoe-LAFS distributed secure filesystem, and develops secure storage and communication tools.
Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security
Is your email being sent in the clear? While PGP and S/MIME provide end-to-end encrypted mail, most users have yet to adopt these practices, and for users who have, metadata, such as the subject, sender, and recipient, remain visible everywhere along a message’s path. SMTP—the ubiquitous mail transport protocol—has evolved over the years to add encryption and authentication, both of which take place behind the scenes and help guard against surveillance and spam. While these features are being increasingly deployed, our research shows that they are almost always configured in vulnerable ways—the details of which are hidden from the users sending and receiving mail. Even more disturbingly, these vulnerabilities are being widely exploited in the wild: in seven countries, more than 20% of inbound Gmail messages are downgraded to cleartext by network-based attacks. In the most severe case, 96% of messages sent from Tunisia to Gmail are downgraded to cleartext. In this talk, I’ll introduce protocols used to protect SMTP and describe the current state of mail security on the Internet. I'll describe several commonly occurring attacks, weaknesses in the protocols we're using and recent proposals for helping secure email transport.
Zakir Durumeric is a Ph.D. Candidate in Computer Science and Engineering at the University of Michigan and Google Ph.D. Fellow in Computer Security. His research focuses on network security, particularly how global network measurement can improve the security of heterogeneous distributed systems. Zakir is widely known for creating ZMap—the Internet-wide network scanner capable of scanning the entire public IPv4 address space in minutes—and Censys—the search engine that allows researchers to analyze the devices that compose the public Internet. His work has been awarded numerous distinctions, including the IRTF Applied Networking Research Prize and best paper awards from USENIX Security, ACM Conference on Computer and Communications Security, and ACM Internet Measurement Conference. He was named one of this year's MIT Technology Review’s 35 Innovators under 35.
Deploying HTTPS at the scale of Pinterest
Amine will share the behind-the-scenes story of how Pinterest moved from HTTP to HTTPS.
Amine is the security engineering lead at Pinterest.
To whet your appetite, check out some videos from previous CloudFlare Crypto meetups.
CloudFlare Crypto Meetup Teaser.
Steve Weis: Crypto Projects that might not suck.
Adam Langley: Fun with hashes.
Jonathan Matson: U.S. Controls on Open Source Cryptographic Code.