DEF CON 30 - 2022-08-21
DEF CON is a hacker convention. It welcomes the complete spectrum of actors in the security space. Every official function that requires money will only take cash. By design DEF CON executes in a way where no know-your-customer rules apply. No logs are recorded of who attends. And so no legal process can collect what does not exist.
There's a lot of lore and cautionary talk people give online. Bring a cell phone you don't mind being destroyed. Bring laptops you don't mind wiping. Only bring cash and no cards.
This was my first experience and I saw differences from the lore and hype in person.
What brought me to DEF CON
I knew several who were going, but not enough that it would be socially worth the time, travel stress, and expense to go. At the last minute I committed to going.
It was not just furries, the community I feel a part of, that tipped the scales toward my going. Several in the cryptography circle were going.
My goals were professional and personal:
- to see what I'm missing in application and cloud security that others know or should know;
- meet with other cryptographers and establish an in-person relationship;
- be exposed to different ideas;
- witness what others in the hacker-space feel is important;
- and meet with those I only know online, and possibly those who I normally would not meet online.
Traveling to DEF CON
Like any other trip, every single plane was full with no seats to spare. Still, the first one (of four) at least had a shared destination.
We did not talk much though except when waiting to disembark.
When I arrived in Las Vegas, I followed other people to find the baggage claim. Unfortunately... there were two baggage claims physically distant from one another.
Before DEF CON starts
Turns out, Black Hat (the more professional of the two) and DEF CON overlap on Thursday. Unlike DEF CON, Black Hat did not require masks in the conference space.
Well great. Some portion of the overlapping attendees are probably going to spread stuff.
Thankfully at the time of writing, I appear to be negative and have no symptoms.
I meet with the room host and get my key and check in. The room in Harrah's had an open shower in the bathroom. There was no sliding door. What a weird design... Because of that a lot of water was constantly getting on the floor whenever I or another used it.
The first thing I see once I get into Caesars Forum is this huge animated wall. This was the first of many wall-wrapping screens I've seen in Vegas, but the first time was eye-opening.
With any convention, the first thing to do is registration. "Where's Line Con?" someone asked a Goon while I was trying to figure that out for myself.
I oriented myself with a sign nearby and then managed to walk behind a map poster being transported to a newly set up info desk.
Line Con, as it is called, is waiting in line at a convention. The queue for human registration, yes it is called "human registration", took about an hour and much like any furry convention there were balloons and inflatable beach balls flying around to pass the time at the front of the line.
Near the front was a cute choose your own adventure sign.
I pay, in cash, for my badge to attend the convention. No ID check, no age check, no personally identifying information transcribed or written. A simple exchange of money for hardware.
During DEF CON
Turns out on Thursday nothing happens. Black Hat is still going. Some went into the swag line for 5 hours, but I did not. I still would not. A hat, a shirt, these things are not worth 5 hours of pain to me.
That night I met with Soatok in person. We have several things in common. He started earlier in his security focused journey than I did and it shows. I learned the details of what his professional circumstances and expectations are and the projects he is involved with. There's no way I would find his current project fun or engaging. I do believe that said project is incredibly important and impactful, but it would likely burn me out.
The next day I check out the Crypto and Privacy Village. A third of the convention space was held elsewhere, not in the Caesars Forum but in the Flamingo Hotel. It was an aged space with absolutely terrible navigation options. I wandered into the wrong space a few times and had to ask for help.
Later I find the closest elevator that would bring me there instead of using an escalator half way down the whole hotel.
The fastest route I had took around 13 minutes from the Caesars Forum. Unfortunately, that was not enough time to attend back-to-back events. I missed out on a few talks because of that.
I head to the cryptography and privacy village to attend my first village presentation.
It was by Sc00bz about OPAQUE. For the slides, check out Demystifying Key Stretching and PAKEs.
After the high of a great experience at the Crypto and Privacy Village, I went over to the App-Sec village. The presenter was preaching about SAST and adding it to development flows. My employer, with some influence from me, uses GitHub for SAST. We had to negotiate away the hand-holding setup fee since we already figured it out during the trial. I did not hear much about DAST.
The App-Sec village was very sponsor-heavy. Amazon and other brands were prominently visible in the backdrop. There were a few capture the flag challenges in the room, but I did not feel motivated to camp in a crowded loud space to figure them out.
Oh well, back to the Crypto Village.
Santiago Kantorowicz introduced himself as a security officer for Authy, which is a part of Twilio. Soatok, fursuit and all, joined me for this talk. But he was zoned out. Santiago introduced himself in this way: "I'm not a cryptographer, I am an enthusiast."
The presentation was titled "[T]OTPs are not as secure as you might believe". Indeed Santiago's delivery was successful and compelling. It was based on math. Even if that math was off by an order of magnitude, it is truly scary to consider.
He showed how Uber does its OTP over SMS.
With Uber's 4-digit OTPs, he found the security profile to be shockingly bad. OTPs can be noisy, but TOTPs can be silent. A system can check TOTPs over and over and never tell the user. Google might, since they care about your account being compromised, but other sites may not.
Well, what about the standard six we have? Turns out those aren't much better! The entropy is just not on our side.
Next he gestured and mentioned something like how we scale up key sizes. He may have mentioned RSA in kind. What about 8 numbers?
If you don't want any account compromised once user credentials have been gathered and accepted by your system, you need to do a lot more than just add more characters. Per-account rate limits are not enough either.
What options and mitigations should we consider?
Santiago suggests a wider character set, maybe base58. More characters. Per account and request-source rate limits. Even captchas.
Sheesh. Involving a human for security is just not worth the complexity here. People use phones for OTP and TOTP codes... let us get Apple and Google passkeys to people faster.
At the end, I asked if an interactive proof of possession could be considered by providing multiple subsequent 6-digit TOTPs when an account is under duress. Santiago agreed that it provided more entropy and could be used as a defense mechanism.
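As an added example (my own code, not from the talk or from this post), a small RFC 6238 verifier that makes the arithmetic concrete: how a per-window attempt budget bounds an online guesser for 4-, 6- and 8-digit codes against a silent verifier, and the step-up check I asked about, where an account under duress must present two consecutive codes. The key in the test is the RFC 4226/6238 test key; account names and limits are constructed.

```python
import hashlib
import hmac
import struct
import time
from typing import Dict, List, Optional


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: dynamic truncation of HMAC-SHA1(key, counter)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, digits: int = 6, step: int = 30, at: Optional[float] = None) -> str:
    """RFC 6238 TOTP: HOTP over the current time step (30 s by default)."""
    now = time.time() if at is None else at
    return hotp(key, int(now // step), digits)


def guess_success_probability(digits: int, attempts_per_window: int, windows: int) -> float:
    """Chance an online guesser succeeds at least once against a silent verifier.

    In each validity window the server accepts at most `attempts_per_window`
    guesses from a space of 10**digits codes; the next window has a fresh code,
    so per-window chances are independent. Compare 4, 6 and 8 digits with the
    same budget to see why more digits alone is not the whole answer.
    """
    per_window = min(1.0, attempts_per_window / 10 ** digits)
    return 1.0 - (1.0 - per_window) ** windows


class TotpVerifier:
    """Verifier with a per-account failure budget and a step-up check.

    Once an account has exhausted its budget (it is 'under duress'), a single
    code is no longer accepted: the caller must present the codes for the
    previous and the current time step, which raises the guess space from
    10**6 to 10**12 without changing the user's authenticator app.
    Clock-drift tolerance is deliberately omitted to keep the logic readable.
    """

    def __init__(self, max_failures: int = 5, step: int = 30, digits: int = 6):
        self.max_failures, self.step, self.digits = max_failures, step, digits
        self.failures: Dict[str, int] = {}

    def under_duress(self, account: str) -> bool:
        return self.failures.get(account, 0) >= self.max_failures

    def verify(self, account: str, key: bytes, codes: List[str], at: Optional[float] = None) -> bool:
        counter = int((time.time() if at is None else at) // self.step)
        if self.under_duress(account):
            expected = [hotp(key, counter - 1, self.digits), hotp(key, counter, self.digits)]
        else:
            expected = [hotp(key, counter, self.digits)]
        ok = len(codes) == len(expected) and all(
            hmac.compare_digest(c.encode(), e.encode()) for c, e in zip(codes, expected)
        )
        if ok:
            self.failures.pop(account, None)
        else:
            self.failures[account] = self.failures.get(account, 0) + 1
        return ok
```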
When the talk wrapped up, I concluded that Santiago knew what he was talking about, what he was working with, and had a mind attuned to the right perspectives as a security officer.
After the presentation, I got Soatok some water and took a picture with him in front of a bright neon sign.
Naturally, I agreed.
There were other signs throughout the con, though I do not remember them as vividly.
At this point I may have brought up a talk I was interested in but unlikely to have time for to Soatok.
Later, I checked in with the DEF CON Furries (a.k.a. "DC Furries") group, paid for registration in that group, and socialized for a short bit. DC Furries is more than just a social hangout though. A schedule for talks presented at that convention-within-a-convention was available in the hacker tracker app and everything. It even had a hotel specific deal made for room reservations within the DEF CON room block. This is not some fringe group of friends getting together, a real community exists here.
I learned how dire the supply chain shortage had become for those that make hardware. There is a reason the DEF CON badge this year used a Raspberry Pi microcontroller; others are "unobtanium".
A mere voltage controller for the furry-specific badge board was slated to be available December 2023.
I was invited by the speaker for one of the Sky Talks on his presentation on breaking DRM, so I was excited to do that.
Then for a moment Filippo dropped in for the scav hunt. He needed to find a "Flurry of Furries". I got one of his glow in the dark Age stickers too!
As I was in bed napping the poison away, I saw flashes of light outside the window. It was raining!
The above video may seem amusing but the fact is: people died. Las Vegas does not have any storm drains on the road.
Thankfully the headaches went away and I was well rested after ten hours in bed.
DEF CON has a reputation of a lot of attendees drinking. "It is Vegas!" some say. Indeed, you can find a bar to drink at 24/7 in the area. Taxis and Uber are available at all hours at each hotel. It is insane how un-sleeping the area is. I brought eye masks with me to this event; if you ever visit I recommend the same. The shades never fully close to offer a truly dark night.
Soatok hinted that the OAuth talk this morning would be interesting so I headed that way. I arrived early, but not early enough to just walk in.
I had to wait in a line for twenty minutes to get in to the talk. Honestly that wasn't long compared to other aspects of this convention. Unlike Privacy and Crypto Village, Cloud Village had less seating, a shared room with an absolutely noisy neighbor (Adversary Village) and not enough loudspeakers for the audience to hear.
Thankfully Cloud Village was physically next to Privacy and Crypto Village, so I could flit between areas quickly. The rest of the convention area was twelve to fifteen minutes away without traffic.
I go into this OAuth talk knowing a fair bit from my own self-learning. I am planning to implement an OAuth service, after all. OpenID too, maybe.
This presentation primarily focused on two high-value implementations: Microsoft and Google. Here's where Google and Microsoft are similar: both treat their own applications as special, and tokens issued to one application can be used in other applications. You know YouTube? If you log in to Google and then visit YouTube, you never have to log in again.
It turns out Microsoft especially has a serious problem. A token issued to an "Outlook" public client can be exchanged for Active Directory access. A successful phishing attack against an IT admin can be more than a business impacting event.
Also, Google Cloud CLI had an escalation problem. After this was reported, significant constraints were placed onto tokens issued to that client. Now lateral and escalating actions by a token acquired through that client are prevented.
Also, and I personally experienced this, Google CLI had this awkward flow step at the end where the user would copy a token from the web page and paste it into the CLI that launched the authorization.
The problem with this is... what if the CLI did not launch the authorization? What if someone was primed into this and then pasted the token into some "Hey, collect your Google raffle winnings!" scam? The correct action here is to have a local server set up and to set the redirect URI to that local server to collect the authorization code grant.
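The loopback pattern the presentation recommends, written out as an added example (not the talk's code, nor Google's): the CLI starts a listener on an ephemeral 127.0.0.1 port, sends the user to the authorization endpoint with a random state and a PKCE challenge, and accepts a code only from a redirect that carries that state, so there is nothing for the user to copy and paste. AUTH_ENDPOINT and CLIENT_ID are placeholders; the token-endpoint exchange that follows is not shown.

```python
import base64
import hashlib
import hmac
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical provider endpoint and client id: replace with the real ones.
AUTH_ENDPOINT = "https://auth.example.invalid/oauth2/authorize"
CLIENT_ID = "example-cli"
CALLBACK_PATH = "/callback"


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def pkce_pair(verifier=None):
    """Return (code_verifier, S256 code_challenge) per RFC 7636."""
    if verifier is None:
        verifier = b64url(secrets.token_bytes(32))
    return verifier, b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_url(redirect_uri, state, challenge, scope="openid"):
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)


def parse_redirect(path, expected_state):
    """Extract the code from the redirect; reject anything this run did not start."""
    parsed = urlparse(path)
    if parsed.path != CALLBACK_PATH:
        raise ValueError("unexpected path")
    query = parse_qs(parsed.query)
    if "error" in query:
        raise ValueError("authorization server returned: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: this redirect was not started by this CLI run")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("missing authorization code")
    return code


class _RedirectHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        receiver = self.server.receiver  # attached by LoopbackReceiver
        try:
            receiver.code = parse_redirect(self.path, receiver.expected_state)
            status, body = 200, b"Signed in. You can close this tab."
        except ValueError as exc:
            receiver.error = str(exc)
            status, body = 400, b"Authorization failed."
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the CLI output clean
        pass


class LoopbackReceiver:
    """One-shot listener on an ephemeral 127.0.0.1 port; the code never passes through a clipboard."""

    def __init__(self, expected_state):
        self.expected_state, self.code, self.error = expected_state, None, None
        self.server = HTTPServer(("127.0.0.1", 0), _RedirectHandler)
        self.server.receiver = self
        self._thread = threading.Thread(target=self.server.handle_request, daemon=True)

    @property
    def redirect_uri(self):
        return f"http://127.0.0.1:{self.server.server_port}{CALLBACK_PATH}"

    def start(self):
        self._thread.start()

    def wait_for_code(self, timeout=300):
        self._thread.join(timeout)
        self.server.server_close()
        if self.error:
            raise ValueError(self.error)
        if self.code is None:
            raise TimeoutError("no redirect received")
        return self.code
```

A CLI would create a state with `b64url(secrets.token_bytes(16))`, call `pkce_pair()`, start a `LoopbackReceiver(state)`, print `build_authorization_url(receiver.redirect_uri, state, challenge)` for the browser, then `wait_for_code()` before posting the code and verifier to the token endpoint.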
After my shocking experience with the OAuth presentation, I heard from Soatok that he was going to the quantum talk.
I head back over to the Privacy and Crypto Village and attend a talk about PII being a zombie. I missed the start, but it was still a compelling presentation.
So why call it a zombie? "PII" is not a useful term in practice. What matters is any detail about you that can be correlated to you with high probability.
The presenter brought up a case study of Netflix releasing movie ratings. She said something like 60% of the customers could be identified with only three points of data.
NIST's definition becomes more broad than just "name", "phone", "social security number", "age", "ethnicity", and the like.
In practice, 15 binary attributes can uniquely identify 99% of US citizens.
At this PII talk, I learned that Facebook is not only selling personal data, but is buying it back with enriched attributes from their partners. Google, Amazon, and Apple may not sell their data, but they're likely buying this data too.
Oh, and it is totally not against the law for federal agencies to also buy this data. What are they doing with it?
I came out of this talk with a better understanding of how literally any data collected about me can be used to identify or manipulate me.
Around this time I saw that Thomas Pornin announced a new optimized variant of double-odd elliptic curves for use in signatures.
I took a look and saw several nice things. It prevents multiple canonical signatures due to the cofactor (Ed25519 has 8, Ed448 has 4), isn't quite a creative workaround like ristretto and decaf, has comparable performance and security strength, and has even shorter signatures!
Between talks and when waiting in line I was eagerly reading about these double odd curves.
Before lunch, I went to one last talk in Cloud Village. This one also included OAuth! But QR Codes! How fascinating.
Unlike the TOTP talk, which describes brute forcing OTPs which can be noisy, this presentation is all about phishing the user into entering the OTP into an adversarial interface.
Again, the target was Microsoft.
The idea with this attack (SquarePhish) is:
- A victim receives an email which prompts action. It says that they will receive a code and to put it into another link (also included) in that email.
- The victim scans the QR code; it goes to the adversary's own site, whose address begins with something Microsoft-official-looking but gets truncated on the mobile device.
- The adversary's backend initiates an OAuth device flow for the official Microsoft public client in the official Microsoft OAuth consent process and redirects the victim to Microsoft.
- While the victim is occupied with the official consent flow, the adversary's backend collects a device code token and sends it via email to the victim. This meets the expectations set in the initial email.
- The Microsoft backend prompts the user for what the device token is, the user remembers to check their email and conveniently finds the token (which has a lifetime of fifteen minutes).
- The victim presents the device token to Microsoft and Microsoft accepts it. The screen says they can close now.
- The adversary polls for a refresh and access token and acquires it now that the user has completed the device code authorization flow.
As mentioned in the last OAuth talk, the refresh token can be used across Microsoft products. Tokens for other services are acquired automatically without any consent or active prompting to the victim. The victim, their data, and their organization are now freely accessible to the adversary to ransom and destroy.
Also they might have said "We used gmail for this attack, but if you want to seriously execute it to many targets, get your own SMTP server."
I went out to lunch while Soatok attended the quantum cryptography talk. There's a whole quantum village, but I never peeked inside. Same with the password village. The distances were just too much and waiting for food took 30-80 minutes just to get a seat.
After lunch, I was with two others in line to go to Sky talks. We wander around until we finally find the location and join the end. My intention was to go to the one I was invited to about DRM. It was quite a wait so I read more of the double-odd curves to figure out its properties.
Someone, not a Goon so likely a volunteer, was wandering along the line selling some sort of "Sky Talk" badge. Something about how to support Sky Talks and staying back to back between talks. Others would be swept out. He was only accepting cash.
Well I was in line for the four pm talk, so I didn't think I needed it.
Thirty minutes later everyone ahead of us moves in. I thought the previous session ended and we were finally being seated for the four pm sky talk. I go up at 3:45 and someone is talking. Lots of people were already seated. I heard discussion from several panelists about war and Ukraine.
I'm not in the right talk? No, what happened was: I was shoved into the very end of the prior talk, one that lasted two hours. I did not have a badge.
I get separated from my friend because there are no seats near each other.
Goons are carefully examining everyone's lap and hands, they are serious about not allowing any recording. There were signs that said people would be asked to leave. The threat of "We will break your phone" was not visible anywhere. Everyone is quiet as the panelists talk. One person's phone starts going off with some amber alert or something. Then their Apple Watch goes off. A Goon was standing near her to ensure as she shut things down it was not some disguised recording.
I took out my note pad and wrote notes down, as others were doing.
In short here's a redacted bit of what I heard.
- Ukraine isn't doing well, for several reasons.
- Russia has several hidden data centers throughout Ukraine.
- Russia's security is actually quite bad, there were passwords on the wall in the hidden data center presented to us on the projectors.
- We will never have any sort of "cyber gun". We cannot reliably assess if a technical resource has been disarmed remotely.
- We are seeing an emergence of "information warfare". The US is behind. Other countries are ahead and it shows.
- The US press is only reporting on information from English sources and has repeatedly spread Russian-sourced misinformation because it is the only English information available.
- Ukraine has permitted some Russian-sourced misinformation to spread among their own people, the warning that all male adults must stay in the borders in case they are called to fight is misinformation. (I have not personally verified this.)
- More families are staying in the country because their male family members are not leaving, for fear of being denied at the border for asylum.
- This has led to constrained resources and space in the country as many are made homeless due to the ongoing war.
- Russia is translating their story for China and India. Those countries are hearing only that side of the story. The English side is also incomplete.
- Your identity online will not be tied to name / SSN; it will be tied to the web of devices that are bound to you, that is: the internet of things.
In retrospect only thirteen minutes passed and it was a lot of information. (I did not include everything here). But the thought of being kicked out for the next talk was unsettling me. I felt my heart skip a few times and even though I had lunch about two hours prior, I could tell my gut had ceased.
As I was heading down the escalator, Soatok went into the room wearing one of the sky talk badges on his fursuit ears. He was able to attend the DRM talk despite the current one being about warfare.
I turned on my phone, ranted a little and headed to the Crypto and Privacy village. I sat down at one of the tables, but I could not stop cradling my head. So I tried to go through and read some fiction. I could not. I tried to continue my reading of the OpenID specification. I could not.
When I concluded I could not function in that space I headed to the DC Furries place. I was a wallflower of a zombie for an hour and found I was not finding any comfort.
Then I move to my hotel room and just do nothing for an hour.
I got a compassionate invite to go to another talk, this one was closer since it was in the Caesars Forum: Digital Skeleton Keys. On the way, I had to keep myself from clenching my teeth. My friend who invited me there could not make it, so I was alone for this presentation.
This talk was held at Track 4, one of the live streamed and professionally recorded stages. The room was at ten percent capacity. Huh, with rooms so big I would have expected more people, but it doesn't work that way.
You know how hotel keys use RFID to authorize passage through exterior doors, elevators, and ultimately the specific hotel room? The general means for RFID access was described in this talk.
A key can be programmed with a set of data and the reader can read that set of data. The reader may decide if the data presented is authorized to unlock that portal.
What the speakers described was that every door in an organization had its own unique logically incrementing identifier and that just having the identifier was sufficient for access.
I did not see any discussion about signatures or forgeries. They could just stuff more data on the card.
The authors found that the reader did not care where the door numbers started so long as an offset was properly set. They found they could add over 800 doors to a single key card and any reader would accept and authorize them.
They dropped a bombshell after showing how the data fits together and how they achieved access to any installation with this vendor's system.
The vendor took like six or nine months to respond and their response was not great.
The transition process would require every door to be removed from site, upgraded at another location, and reinstalled twice. Existing cards would stop working with the first upgrade. All existing cards would need to be reprogrammed or re-issued and would not work until the second upgrade.
Given that there were two upgrades, I think that they meant that existing cards would stop working at the second upgrade as the reader would be in a state which accepts old and newly issued cards with a proper fix. Assuming the fix is proper.
Here's the bombshell!
Most of the presentation looked like a CLI. While cute and with the theme, it was hard to read from the audience. Pretty much every projection surface was washed out because of poor lighting or cheap fabric which reflected ambient light.
The one who invited me was still busy with a capture the flag, so I headed back to the room. To get back to the room without breaking down I had to employ breathing exercises, continually check and unclench my jaw, and similarly un-ball my fists as my fingers dug into my palms. I received and recalled the information clearly from that moment, but I was still not okay.
I get to the hotel room, others are there and I just chill on the bed. I try reading and make more progress this time on the OpenID Connect Core specification. Later I shower, a self-care activity for me, and after I get out I finally feel my stomach function again. The intense anxiety had finally lifted away and I was in a far better mood.
Still, due to headaches and the anxiety attack, I feel like I lost about a full day of the convention now.
I woke up around 6 AM and saw that people were already departing DEF CON on Twitter. I close my eyes and sleep some more.
The next time I open Twitter I see panic.
That sure was a way to start the morning... It seems organizers of talks and events knew there would be departures Sunday, so everything else on the schedule felt a lot like leftovers.
Sunday was a slow start but I did get out bed and my anxiety had waned.
I reviewed the schedule and chose a few to go to. In retrospect I wish I had visited some of the other villages, but my comfort zone was important given how sensitive yesterday made me.
First up was Finding Crypto: Inventorying Cryptographic Operations!
The slides were pretty wild at times, out of context they make little sense.
The premise, though, is that when algorithms like MD5, RC4, and DES are declared weak, they should no longer be used for cryptographic purposes. The first step to not using something is to know where it is used so it can be removed!
The speaker specifically mentions, yes there are paid solutions to all this. But the Privacy and Crypto Village is not a place for paid sponsorship presentations. He specifically and intentionally described how to use free open source tools to achieve cryptographic inventories that provide SAST to discover algorithms in use. Remember the App-Sec village? They did not show any open source solutions, only a paid solution which the presenter had an employment relationship with.
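An added example (mine, not the presenter's slides or any of the tools he named) of the free-tooling approach over a constructed sample file: a Python AST walk that records every import or call of the algorithms he listed, including algorithm names passed as string literals to hashlib.new. The WEAK table is the inventory policy to extend; the sample source is constructed.

```python
import ast
from dataclasses import dataclass

# Inventory policy: identifier (lowercased) -> algorithm to report. Extend as needed.
WEAK = {"md5": "MD5", "rc4": "RC4", "arc4": "RC4", "des": "DES"}


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    algorithm: str
    evidence: str


def _dotted(node: ast.AST) -> str:
    """Turn attribute chains such as hashlib.md5 or DES.new into a dotted string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))


def _weak_in_call(node: ast.Call):
    """Return (WEAK key, evidence) for a call that names a weak algorithm, else None."""
    name = _dotted(node.func)
    parts = name.lower().split(".")
    hits = [p for p in parts if p in WEAK]
    if hits:
        return hits[0], name + "(...)"
    # hashlib.new("md5") style: the algorithm is a string literal argument.
    if parts and parts[-1] == "new" and node.args:
        arg = node.args[0]
        if isinstance(arg, ast.Constant) and isinstance(arg.value, str) and arg.value.lower() in WEAK:
            return arg.value.lower(), f'{name}("{arg.value}")'
    return None


def inventory(source: str, filename: str) -> list:
    """Walk the AST once and record every weak-algorithm import or call, sorted by location."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Call):
            hit = _weak_in_call(node)
            if hit:
                findings.append(Finding(filename, node.lineno, WEAK[hit[0]], hit[1]))
        elif isinstance(node, ast.ImportFrom):
            for alias in node.names:
                if alias.name.lower() in WEAK:
                    findings.append(Finding(filename, node.lineno, WEAK[alias.name.lower()],
                                            f"from {node.module} import {alias.name}"))
    return sorted(findings, key=lambda f: (f.file, f.line, f.evidence))


# Constructed sample source, not real project code.
SAMPLE = '''\
import hashlib
from Crypto.Cipher import DES, AES

def fingerprint(data):
    return hashlib.md5(data).hexdigest()

def legacy(key, blob):
    h = hashlib.new("md5")
    return DES.new(key, DES.MODE_ECB).encrypt(blob)

def fine(data):
    return hashlib.sha256(data).hexdigest()
'''

if __name__ == "__main__":
    for f in inventory(SAMPLE, "legacy.py"):
        print(f"{f.file}:{f.line}: {f.algorithm} via {f.evidence}")
```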
I found this comment on standards bodies being slow to be quite funny. But seeing An efficient key recovery attack on SIDH come out after SIDH had been in consideration (as SIKE) by NIST for a few years gives some respect to the slowness for the mathy parts of cryptographic constructions.
But back on the topic of crypto agility. It appears that Google Tink (I use Tink at my job and I am the one that introduced it) has crypto agility built into its goals and design.
But Quantum Key Distribution (QKD), which QuintessenceLabs sells hardware for, seems to be snake oil. No offense to snakes intended.
The presenter is absolutely in touch with the times and I am glad to see that at DEF CON.
Back to back with the crypto inventory talk came another, IAM Deescalation! Whoa, what is that? AWS Identity and Access Management (IAM) is the core machine and human authorization policy infrastructure of AWS. It comes with authorization impersonation known as AssumeRole. Thing is, it is possible with organically created IAM policies to end up in a world where one user can escalate their privileges by jumping across roles.
This talk was especially hard to hear, the Adversary Village was so loud, had more speakers, and this speaker had a very soft voice.
He described a process where one analysis tool would explore all IAM roles and permissions and develop a DAG of all roles that could be escalated to. Then, by consuming the output of that process, he could apply inline policies to prevent that role from escalating to roles beyond the intended purpose of the user's authorization.
After running the analysis again, he was able to negate every finding provided by the original analysis software. Other implementations either did not account for inline policies or had more findings than his chosen source provided.
I am used to thinking in an enable-only mindset, so the deny capability in IAM never really clicked for me. The presenter's inline policies that deny assume roles made sense in practice and helped me understand that feature of IAM.
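An added example (my own reconstruction, not the presenter's tool) of the two steps he described, over a constructed account: a graph walk over who can AssumeRole into what, then generated inline Deny statements at every edge that leaves the intended role set, after which the same walk finds nothing. The policy evaluation is simplified (Action and Resource patterns plus deny-wins; no conditions, resource policies or cross-account trust) and the ARNs are constructed.

```python
import copy
import fnmatch
from collections import deque

ACCOUNT = "111111111111"  # constructed account id


def arn(kind: str, name: str) -> str:
    return f"arn:aws:iam::{ACCOUNT}:{kind}/{name}"


ALICE = arn("user", "alice")
DEPLOY, ADMIN, AUDITOR = arn("role", "Deploy"), arn("role", "Admin"), arn("role", "Auditor")

# Constructed account: alice is meant to use Deploy only, but Deploy's organically
# grown policy may assume anything, and both Admin and Auditor trust Deploy.
PRINCIPALS = {
    ALICE: {"trust": [], "policies": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": DEPLOY}]},
    DEPLOY: {"trust": [ALICE], "policies": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "*"}]},
    ADMIN: {"trust": [DEPLOY], "policies": []},
    AUDITOR: {"trust": [DEPLOY], "policies": []},
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def policy_allows(statements, action: str, resource: str) -> bool:
    """Simplified IAM evaluation: any matching explicit Deny beats every Allow."""
    allowed = False
    for stmt in statements:
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def assumable_by(principals, principal: str) -> set:
    """Roles that trust `principal` and that its own policies allow it to assume."""
    return {
        role for role, spec in principals.items()
        if principal in spec["trust"]
        and policy_allows(principals[principal]["policies"], "sts:AssumeRole", role)
    }


def reachable_roles(principals, start: str) -> dict:
    """BFS over the assume-role graph; returns role -> path by which it was reached."""
    paths, queue = {}, deque([(start, [start])])
    while queue:
        node, path = queue.popleft()
        for role in assumable_by(principals, node):
            if role not in paths:
                paths[role] = path + [role]
                queue.append((role, paths[role]))
    return paths


def deny_policies(principals, start: str, intended: set) -> dict:
    """One inline Deny statement per node whose edges leave the intended set."""
    denies = {}
    for node in [start] + list(reachable_roles(principals, start)):
        bad = sorted(assumable_by(principals, node) - intended)
        if bad:
            denies[node] = {"Effect": "Deny", "Action": "sts:AssumeRole", "Resource": bad}
    return denies


def apply_inline_denies(principals, denies: dict) -> dict:
    """Return a copy of the account with the generated Deny statements attached."""
    patched = copy.deepcopy(principals)
    for node, stmt in denies.items():
        patched[node]["policies"].append(stmt)
    return patched
```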
After getting some water, I returned to the next talk in Cloud Village, this one was also about AWS! Curious... I have not seen much about GCP or Azure at all at DEF CON. Besides Microsoft being a bad example with cross-product authorization.
Ah yes, SNS webhooks. So SNS won't just blindly start pushing somewhere to accept SNS events! There's a handshake involved here and it is annoying for sure as an application developer.
See, the web request from AWS will include a field that says, look here! Here's my PEM key I used to sign the request! And it literally could be hosted anywhere. It is up to the application to verify the key is trusted prior to acting upon the request. It is also up to the application to check the signature in the first place too! And many do not!
So how did the official AWS library verify the FQDN was authentic? Regexes of course!
And like any regex, there are unanticipated gaps. Someone made a publicly writable bucket and the discoverer of this issue could write any PEM they wanted to it! The official library accepted it as is.
When brought up to AWS, they banned the bucket, put in preventions for similar bucket names in the future, and did not update the library.
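An added example of the check this talk is about (my code, not the AWS library's; the "weak" pattern is a constructed stand-in for whatever regex the library used, and the URLs are constructed): an unanchored substring search over the SigningCertURL is satisfied by a lookalike host or a path-style bucket URL, while parsing the URL and anchoring the match on the whole hostname is not. The canonical string-to-sign follows AWS's documented field order; the RSA check itself is left to a caller-supplied function so the block runs without a crypto library.

```python
import re
from urllib.parse import urlparse

# Constructed weak check (not the AWS library's actual code): an unanchored
# substring search that any URL containing an SNS-looking label satisfies.
WEAK_HOST_PATTERN = re.compile(r"sns\.[a-z0-9-]+\.amazonaws\.com")
# Anchored: the entire hostname must be an SNS service endpoint.
STRICT_HOST_PATTERN = re.compile(r"^sns\.[a-z0-9-]+\.amazonaws\.com(\.cn)?$")


def weak_cert_url_check(url: str) -> bool:
    return WEAK_HOST_PATTERN.search(url) is not None


def strict_cert_url_check(url: str) -> bool:
    """https only, whole hostname is an SNS endpoint, default port, .pem path, no query."""
    p = urlparse(url)
    return (
        p.scheme == "https"
        and p.hostname is not None
        and STRICT_HOST_PATTERN.match(p.hostname) is not None
        and p.port in (None, 443)
        and p.path.endswith(".pem")
        and not p.query
        and not p.fragment
    )


# Fields SNS covers with its signature, in the documented order.
SIGNED_FIELDS = {
    "Notification": ["Message", "MessageId", "Subject", "Timestamp", "TopicArn", "Type"],
    "SubscriptionConfirmation": ["Message", "MessageId", "SubscribeURL", "Timestamp",
                                 "Token", "TopicArn", "Type"],
    "UnsubscribeConfirmation": ["Message", "MessageId", "SubscribeURL", "Timestamp",
                                "Token", "TopicArn", "Type"],
}


def string_to_sign(message: dict) -> str:
    """Canonical 'Key\\nValue\\n' string; Subject is included only when present."""
    parts = []
    for key in SIGNED_FIELDS[message["Type"]]:
        if key == "Subject" and "Subject" not in message:
            continue
        parts.append(f"{key}\n{message[key]}\n")
    return "".join(parts)


def validate_sns_message(message: dict, verify_signature) -> None:
    """Raise ValueError unless the message is well-formed, its cert URL trusted and its signature valid.

    verify_signature(cert_url, data, signature_b64, signature_version) is supplied by
    the caller (for example with the cryptography package); it is not implemented here.
    """
    msg_type = message.get("Type")
    if msg_type not in SIGNED_FIELDS:
        raise ValueError(f"unknown Type: {msg_type!r}")
    version = message.get("SignatureVersion")
    if version not in ("1", "2"):  # 1 = SHA1withRSA, 2 = SHA256withRSA
        raise ValueError(f"unsupported SignatureVersion: {version!r}")
    missing = [k for k in SIGNED_FIELDS[msg_type] if k != "Subject" and k not in message]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    cert_url = message.get("SigningCertURL", "")
    if not strict_cert_url_check(cert_url):  # decide trust BEFORE fetching anything
        raise ValueError("untrusted SigningCertURL: " + cert_url)
    if "SubscribeURL" in message:  # never visit a confirmation link on an untrusted host
        sub = urlparse(message["SubscribeURL"])
        if sub.scheme != "https" or not STRICT_HOST_PATTERN.match(sub.hostname or ""):
            raise ValueError("untrusted SubscribeURL")
    if not verify_signature(cert_url, string_to_sign(message), message.get("Signature", ""), version):
        raise ValueError("signature verification failed")
```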
The day was winding down and the schedule did not have much interesting for the next 30 minutes in this area. I did want to attend Cryptosploit in half an hour but it would take half an hour to walk back and forth from the Caesars Forum.
I shrugged and headed to the platform abuse talk in the Privacy and Crypto Village. Turns out that this was a fantastic move. The content was very interesting.
First, I want to mention that the presenter was one of the Privacy and Crypto Village staff volunteers or members and was presenting with three others on a zoom call. All of the presenters were women. Most of the people at this convention are white men.
They specifically called out that technologists are creating platforms that facilitate their own demographic and not others, that other demographics are not considered or not handled adequately, and that this leads to significant harassment.
Teams are not set up to consider bad actors. Product managers only dream of their demographic's golden path.
As a consequence, Twitter Fleets (an ephemeral tweet feature no one asked for) was an instrument of online harassment. See Twitter users say fleets are ripe for harassment. Fleets were removed July 2021 and Twitter did not acknowledge their use in harassment.
Honestly it's like these companies that create platforms for people to share their thoughts only react to negative events after significant harm has been done and they are pulled to testify to governments.
This talk specifically got me thinking of parallels in security systems and human systems.
Several application issues happen because untrusted data is being acted upon before it is ensured to be trustworthy. Online harassment is generally between parties where one does not deem the other as trustworthy but the human has to make the decision on whether to engage. Unfortunately, the human is harmed during that decision process because they cannot forget what they were exposed to immediately after observation. A computer can make that decision without harm if done right (again not acting on untrustworthy information). That is direct abuse.
Then there is lateral abuse, where the supporting people around someone are stripped away or used to redirect harmful content through a trusted relationship.
The definition of trustworthy is different for human and computer systems though I think the pattern looks similar.
This kind of eye opening days-later pondering content is the kind of stuff I cherish from DEF CON.
I got water again and rejoined for Cryptosploit. The first ten minutes were a disaster. This was going to be a tag team presentation where the remote fellow was responsible for most of the content. Unfortunately the local presenter never confirmed the other side could hear him. We could hear the remote presenter. We could see him move his mouse. That remote presenter responded over text. Honestly having a presentation ruined because the guy on stage couldn't check if he was on mute or if he had his mic misconfigured was embarrassing to watch.
He gave up and got the slides going locally but he stumbled and just gave up part way through.
He gave up again and then started showing the tool in action with a pre-recorded video.
So what's going on here? The two made an interface that can work with Padding Oracle hints to try other encrypted RSA content.
If you have to stay with RSA, use PKCS#1 v2.2. Based on the quickly flitted slides, there was nothing for me to learn from this presentation.
Okay, the last talk. This one had "(Pre-recorded)" in the title.
Since the Cryptosploit one ended early, they had time to get it working. Except it didn't. The laptop used for presentation did not detect the projector. They asked around if anyone had a flash drive. In this day and age? So after technical difficulties, the village staff set up another laptop, and opened a Twitch stream. Huh, the guy had a backup as a Twitch vod? Interesting choice.
Then we all suffered 60 Hz ground loop hums for a while. Aaaaand they finally got it and started the video.
This one was about AES GCM pitfalls. Turns out it is by the same guy who did the TOTP talk, Santiago! And just like the TOTP talk (I did not mention earlier), nearly every slide had Rick and Morty or Spongebob. This one had a few Simpsons gifs and pictures too.
Again, he introduced himself not as a cryptographer but as an enthusiast.
The focus of this talk was on how many times you could use keys. There were several other issues or pitfalls mentioned but his talk was primarily on key reuse. The keywords were "Crypto Period" and "Key Life".
Crypto Period appears to be an agreed-upon threshold after which the key should be rotated to a new one.
He introduced what AES GCM is (AES CTR plus a GCM authentication tag), mentioned that nonces are standardized at 96 bits, and covered a bit about how the pieces are combined.
If multiple payloads are encrypted with the same key and nonce, then simply xoring the ciphertexts together gives the xor of the plaintexts, and knowing one plaintext recovers the other. This is a common problem with stream ciphers.
Santiago then brings up libraries. Do they have protections in place to prevent nonce collisions?
They prevent the application from specifying the nonce upon encryption. However, they do not track key life or the Crypto Period of a key. It is up to the application to implement Crypto Period and key rotation, as that requires either state or some external force (e.g. a cron job) to apply.
What are some other ways to work around nonce reuse if randomness can be dangerous? Include a timestamp! Well, the timestamp leaks some information, so do consider that. But if you use an unsigned 32 bit timestamp for the time, you still have 64 bits of entropy to safely pull from at scale.
He also mentioned AES SIV, but it is not FIPS approved.
At the end he also recommended trying out libsodium if you do not need FIPS as the interface is less error prone.
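The three points above (a shared key and nonce leaking plaintext, libraries leaving key life to the application, and a timestamp-prefixed 96-bit nonce) are easy to see in code. This is an added example, not code from the talk or from any library it mentioned; it uses an HMAC-SHA256 counter-mode keystream as a constructed stand-in for AES-CTR (the reuse property is identical, the cipher is not), carries no authentication tag, and the key-life limit `max_uses` is a hypothetical policy value.

```python
import hashlib
import hmac
import os
import struct
import time
from typing import Optional


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream: block i = HMAC-SHA256(key, nonce || i).

    Constructed stand-in for AES-CTR (not for production). It shares the
    property that matters here: same key + same nonce -> same keystream.
    """
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR with the keystream."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def nonce_reuse_leak(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Why the rule exists: with one keystream, c1 XOR c2 == p1 XOR p2,
    so holding one plaintext reveals the other without the key."""
    n = min(len(c1), len(c2), len(known_p1))
    return xor_bytes(xor_bytes(c1[:n], c2[:n]), known_p1[:n])


class KeyExhausted(Exception):
    """Crypto period reached: the application must rotate the key."""


class NonceReused(Exception):
    """A nonce was presented twice under the same key."""


class ManagedKey:
    """Adds the two controls the talk said libraries leave to the caller:
    a fixed nonce layout and a key-life counter. max_uses is hypothetical."""

    def __init__(self, key: bytes, max_uses: int):
        self.key = key
        self.max_uses = max_uses
        self.uses = 0
        self.seen_nonces = set()

    def make_nonce(self, now: Optional[float] = None) -> bytes:
        # 96-bit nonce: 32-bit unsigned timestamp || 64 random bits.
        # The timestamp is visible in the ciphertext, as the talk warned.
        ts = int(time.time() if now is None else now) & 0xFFFFFFFF
        return struct.pack(">I", ts) + os.urandom(8)

    def remaining_uses(self) -> int:
        return self.max_uses - self.uses

    def seal(self, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
        if self.uses >= self.max_uses:
            raise KeyExhausted("crypto period reached; rotate the key")
        nonce = self.make_nonce() if nonce is None else nonce
        if nonce in self.seen_nonces:
            raise NonceReused("nonce already used under this key")
        self.seen_nonces.add(nonce)
        self.uses += 1
        return nonce + stream_encrypt(self.key, nonce, plaintext)

    def unseal(self, blob: bytes) -> bytes:
        nonce, ciphertext = blob[:12], blob[12:]
        return stream_encrypt(self.key, nonce, ciphertext)


if __name__ == "__main__":
    # Constructed sample messages and a fixed demo key.
    key = b"\x11" * 32
    p1, p2 = b"transfer 100 to alice", b"transfer 900 to mallory"
    bad_nonce = b"\x00" * 12
    c1, c2 = stream_encrypt(key, bad_nonce, p1), stream_encrypt(key, bad_nonce, p2)
    print("leaked:", nonce_reuse_leak(c1, c2, p1))
    mk = ManagedKey(key, max_uses=2)
    print("decrypts:", mk.unseal(mk.seal(p1)), "remaining:", mk.remaining_uses())
```

The `seen_nonces` set is the in-process guard; the counter is the crypto period. Both are state the application has to keep, which is exactly why a library that only hides the nonce from the caller cannot enforce them for you.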
That ended my day of talks so I headed back to the hotel for the closing ceremony with the DC Furries. DEF CON was officially ending.
The DC Furries room had several TVs tuned into the closing ceremony. But each TV had a slightly different time so there were echoes in the room. Several were chatting and drinking, I passed on the option given my Friday experience. It was quite loud so I barely caught what was going on in the actual closing ceremony stream.
Someone was showing me their humongous badge, four layers of PCB + acrylic for a daft-punk style icon.
I looked up and heard the transparency report. They just banned One American News Network (OANN) for breaking the code of conduct.
Twitter had more of the story:
OANN (a.k.a. OAN) is known for promoting misinformation around voting machines. They were in fact at the Voting Machine Hacking Village at DEF CON to construct their own story.
Consider the perspective that those here are trying to convey.
Some time during closing ceremony, a group of fursuits did a short parade. Unfortunately I did not see it in the room. I don't think the cameraman bothered to move the camera to the audience to show the distraction.
Naturally this got at least one response.
Wow, that was bigoted.
Like DC Furries, there is literally another convention within a convention called Queercon. As mentioned in the platform abuse talk, there are other demographics we need to be considerate and accepting of.
Not everyone here are straight white males. Those we create technology for are definitely not all straight white males.
I do a double take as the closing ceremony ended.
That screen sure brought back some memories.
Sunday after closing
I had to fly out the next day at 6 AM, and I already made mistakes on the way here so I wanted to be as well rested as possible going back home.
I went out with two others to get some all you can eat sushi, ended up talking with someone who was on stage during closing ceremony, and then we Ubered over to the location. Turns out the waiting time was an hour to even get a seat. NO WAY.
As a crew we wandered through the area and I recommended the Mongolian place after previewing its ratings online. It was a great choice in the end! And also the first solid food I had that day...
I learn one that came with us had been a Rust developer for seven years and I described my own experience with it. I said something like: If I put it down for a month, I feel like I'm biking uphill again for a few hours, every time.
On the way back we get a fantastic driver, a guy who worked in Alaska for 40 years and then came to Vegas. The car we rode in was barely a week old. He's just doing this to pass the time. Somewhere in the conversation, another in the crew mentioned they rode in a Tesla earlier.
Wait, people are renting Teslas from Uber? And they're paying a thousand or so a month for that privilege? Of course, they also do not gain any ownership of it over time. How does anyone make a living doing that?
I get back, pack up, and then sleep early.
I wake up at 3:30, before my 3:55 alarm and finish packing. Thanks to that I did not wake anyone else in the room.
I message a friend I made at a prior convention, who does light shows as a hobby for dances and raves. Turns out he was involved with the manufacturing of the badges we wore at DEF CON and he just finished a meeting with their staff... at 3 am.
I hear about reel machines and how much packaging is involved with transporting these boards between his place of work to DEF CON's final assembly center. DEF CON put the final screen, speaker, and cover on top with a 3d printed assembly.
Before heading out myself, Soatok comes down the elevators looking tired. We greet and give goodbyes and he heads out. I wrap up my conversation with the first friend and then we separate.
There's always a taxi waiting in Vegas at any hour of the day. Though the ride was, with tax and tip, around $40.
Pre-checking and paying for my luggage is the right move. I got mine in at the curbside within five minutes and headed through security.
It went quite fast! The only thing that made it slow was people stalling the line because security called them out on cutting in front of others. Or not realizing their fancy bling was setting off the metal detector.
Anyway my stuff went through the Smiths Detection machine; I did not have to take out my laptop or tablet. Then I walked through the metal detector. No millimeter-wave scanning stuff.
On the way in, I find a neat statue.
I get on the tram to go from the E gates to D gates. When I get out, I see my mistake on how I got to the other terminal. They have two tram lines, one for terminal 3, and another to get to terminal 1. Where's terminal 2?
I sigh at my learned mistake and head to my gate. Nearby I talk with someone about solar panel stuff, the new bill seems to be giving some people new opportunities to install solar. It seems my installation was overpriced. That knowledge won't reduce how much I have to pay.
The trip home went well. One of the planes had TVs in every seat and the person a row in front was watching Fox News the whole time. I was astonished by the things I saw between reading Overlord on my iPad.
It seems that all that news channel could talk about was Trump this and that; even their ads were catered to an audience that treats him like some religious figure. I listen to several news sources on my smart speakers at home: NPR, Reuters, Fox News. The Fox News audio segments were never this hypnotically focused on Trump. Other ads on that channel were... very techno-phobic and quite scammy. You know, the level of Norton Security bundled with your motherboard firmware update kind of scammy.
Arriving at home
I briefly catch up online and see some things on Twitter.
For reference, Soatok is referring to Ridgeland Mayor Gene McGee withholding $110,000 of funding from the Madison County Library System.
Ben really spells it out.
Conclusions and takeaways
Although memories of it all are still settling in, I can confidently declare that my viewpoint has changed because I went to DEF CON. Here's a condensed set of what I took away from Hacker Summer Camp.
None of DEF CON was expensed to work. My employer does not have enough "professional development" budget per person to even handle THAT conference entirely and I don't even have to fly to get to THAT conference to attend. Over half of those I met were expensing DEF CON, so I am a bit jealous of that.
I did make new friends and better cemented some friendships that had only been online prior. It was highly educational, but I did not get the social fulfillment within applied cryptography that I had hoped for.
I think I'd have a better time at DEF CON if I go again next year.