2022-07-02, 20:40–21:10, Cyberyurt
JSON Web Tokens considered harmful
Since JWT is more than 10 years old, it's time to reflect on how it has been implemented and used by various projects, focusing on security. We'll start with high-level problems such as the challenges of being stateless, move on to design issues such as too much flexibility, and finally arrive at the vast plain of cryptographic failures affecting HMAC, ECDSA and RSA alike.
Recording: