Camp++ 0x7e6

That JWT talk
2022-07-02, 20:40–21:10, Cyberyurt

JSON Web Tokens considered harmful

Since JWT is more than 10 years old, it's time to reflect on how it has been implemented and used by various projects, focusing on security. We'll start from high-level problems such as the challenges of being stateless, move on to design issues such as too much flexibility, and finally arrive at the vast plain of cryptographic failures affecting HMAC, ECDSA and RSA.


See also: Presentation slides