FOSSMeet 2017

FOSSMeet is an annual event at NIT Calicut that brings together the Free and Open Source Community from around the country.

Sachin A

@sachin_a

Working with Mozilla on Security

Submitted Jan 10, 2017

An overview of Blake

  • Blake and Blake2 are cryptographic hash functions designed by a team of experts in cryptanalysis, implementation, and cryptographic engineering; namely Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O’Hearn and Christian Winnerlein.
  • Blake2 is an improved version popular among developers which is faster than MD5, SHA-1, SHA-2, and SHA-3.
  • It is at least as secure as the latest standard SHA-3 and has been adopted by many projects due to its high speed, security, and simplicity.
  • Blake was one of the five hash functions in the final of the NIST SHA-3 Competition

An introduction on how to contribute to security tools through Mozilla’s student programme.

  • The Winter of Security (MWOS) is a program organized by Mozilla’s Security teams to involve students with Security projects.
  • Projects are focused on building security tools, and students are expected to write code which must be released as Open Source.

A good takeaway for the audience would probably be the realization that some of most useful and powerful privacy tools like Pretty Good Privacy (PGP) or Tor have roots in rather humble open source projects or academic ventures started on a whim.

Intended for beginners in security interested in contributing to safeguarding the internet :)

Outline

Why are cryptographic hash functions a big deal?

  • What do they do?
  • And why should you really care?
  • An overview of how systems deal with hashes
  • How not to store passwords
  • What standards do we follow?
  • SHA1, SHA2, SHA3?
  • Public Key Cryptographic Standard #11? How did we get here?

What is Blake?

  • General overview of Blake
  • A little bit of history
  • The algorithm
  • Optimizations for hardware and software
  • An overview of the optimizations introduced in Blake2
  • Benchmarks against existing hash functions
  • What can Blake do for password hashing?
  • Enter Argon! The winner of PHC
  • Delve into code! (C implementation)

Getting involved with Mozilla

  • What’s Mozilla Winter of Security?
  • Projects offered in the 2016 edition
  • What is Network Security Services (NSS) and what do they offer?
  • How can I set up up my application to use NSS?
  • How do I contribute?
  • Writing secure code
  • Conforming to standards
  • Making patches

Speaker bio

Bio

I’m a junior at NIT Trichy currently pursuing my bachelor’s in Computer Science & Engineering.
I’m a software developer who innately supports security as a scientific endeavor. I participate in Mozilla’s Winter of Security and work with Mozilla on security tools. I’ve also been in the top 100 in India for Build the Shield 2016, Microsoft’s CTF.
I’m an active member of Delta, a computer science club @ Nit Trichy. We frequently hold workshops for juniors interested in Computer Science. I also occasionally pen articles for bits and bytes, a computer science newsletter.

Motivations

I fiercely support the free software movement and contribute to open source as a gesture of that support for FOSS.
Passionate about open source technical solutions that can protect our privacy and impede unfair internet surveillance.
Generally interested in free software, free speech and humanity for all.
It’s going to take all of us.

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Hosted by

FOSSMeet is an annual event on Free and Open Source Software, conducted at National Institute of Technology, Calicut. The funnel is a space for proposals and voting on events. more