If It Ain't Broken, Do Fix It (camp2023)

Security is hard. Modern programming languages help us with memory and type safety, but, even with bleeding edge frameworks and libraries, *getting your crypto right remains hard*. We will take a look at recent cryptographic breaks in **Matrix**, **Threema**, **Bridgefy** and **Mega**, explore the modern cryptographic best practices and why they matter, see what makes **TLS 1.3** special, and discuss how to get to a more secure world together! This talk is a primer in modern cryptographic best practices, supporting them by examples of recent breaks and vulnerability disclosures. With cryptographic failures showing up every other day in security news, and placing #2 in the "OWASP top 10" web application security list, we want to show why apparently innocuous mistakes can make things go disastrously wrong. We plan to dedicate a part of the talk to open discussion, gathering feedback from developers and maintainer of open source cryptography, with the long term plan of building an high-level cryptographic library that should make developing new cryptographic protocols easier and more secure. about this event: https://pretalx.c3voc.de/camp2023/talk/TNUDTX/