On Tue, Feb 24, 2009 at 03:06:21PM -0500, Perry E. Metzger wrote:
> If you expect to be presenting things at that level of detail to
> developers, you're going to lose.
Agreed on this end. However, these are web security people, not mere
web developers. They are very sharp on complicated issues
Travis writes:
> I'm working on a presentation about cryptography to give to the Open
> Web Application Security Project (OWASP).
[...]
> In addition, I'm curious about:
>
> Which hashes are currently vulnerable to length-extension attacks. If
> I recall Bruce Schneier's book "Practical Cryptogr
Hello all,
I'm working on a presentation about cryptography to give to the Open
Web Application Security Project (OWASP). The reason why I'm giving
it is that I've seen web developers doing crypto a lot lately, and
they seem to be making some naive mistakes, like using ECB mode for
multi-block st
