0.1 camppp7e6 2022-06-30 2022-07-03 4 00:05 https://pretalx.hsbp.org/camppp7e6/schedule/ 2022-07-02T20:00:00+02:00 20:00 00:30 Cyberyurt camppp7e6-33-why-use-sphinx https://pretalx.hsbp.org/camppp7e6/talk/RFUBU7/ false Talk en Sphinx is a better protocol than most of your password managers. Let me convince you to buy in the next 20 minutes to get a discount! You can even run your own server for free! s 2022-07-02T20:40:00+02:00 20:40 00:30 Cyberyurt camppp7e6-32-that-jwt-talk https://pretalx.hsbp.org/camppp7e6/talk/FCMTVK/ false Talk en JSON Web Tokens considered harmful Since JWT is more than 10 years old, it's time to reflect on how it has been implemented and used by various projects, focusing on security. We'll start from the high-level problems like the challenges of being stateless, reach design issues such as too much flexibility and finally arrive at the vast plain of cryptographic failures affecting HMAC, ECDSA and RSA as well. Recording: - [YouTube](https://www.youtube.com/watch?v=a_Njvhy3omI) - [MP4 download, Amazon S3 Frankfurt](https://hsbp.s3.eu-central-1.amazonaws.com/camppp7e6/jwtalk.mp4) dnet 2022-07-02T21:30:00+02:00 21:30 01:00 Cyberyurt camppp7e6-34-how-to-break-an-nsa-legacy-backdoor https://pretalx.hsbp.org/camppp7e6/talk/7ARNCQ/ false Fun en Last year I presented a project reverse engineering an NSA backdoor, since then I managed to break it catastrophically, I'll tell you how this works. Recording: - [YouTube](https://www.youtube.com/watch?v=_1aPngaIl6E) - [MP4 download, Amazon S3 Frankfurt](https://hsbp.s3.eu-central-1.amazonaws.com/camppp7e6/nsa-z3.mp4) s