- Goals of the
crypto
module - "Why do I need crypto? I am already using TLS!"
- Password encryption
- User data encryption (with authentication)
- Signing data
- Using cryptographically-safe hashes
- Crypto-safe random number generation
- Interoperate with other crypto systems → WebCrypto
- Maybe some one-slide examples
- "Why
crypto
isn't simple" (Plug forsimple-crypto
/crypt
)- Sometimes, easy isn't what you're aiming for :P
- Target audience of the
crypto
module (don't touch it if you don't know what you're playing with) [CAUTION] - Side-channel attacks (?)
- safe vs. secure
- safe vs. feature-complete (?)
- "Don't roll out your own crypto" (The beauty and pragmatism behind OpenSSL)
- Recent security fixes in the
crypto
andtls
modules. - What did we change? How did we make the crypto module better?
- add scrypt support
- AEAD: GCM, CCM, OCB
- RSASSA-PSS
createCipherIV
can be used instead ofcreateCipher
... always- Recent work on error queues.
- (Planned for node 11:) Rework error handling across the crypto module (still no proper error codes)
- (Planned:) Key pair generation
- "
crypto
in the wild" (Interesting stuff people make using crypto)- Unconventional applications
- Super popular applications (so that people know that stuff they've used all along is actually implemented using/achieved with
crypto
)
- Interesting case studies (?)
- JWT (link)
Created
October 8, 2018 09:00
-
-
Save ryzokuken/fb81129fa7c0f655f4a5136630e9380f to your computer and use it in GitHub Desktop.
Outline for the talk - State of Crypto in Node.js
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment