< NULLCON 2025 - BERLIN />

About the Speaker

CFP CTF Live Bug Hunting Registration Training Schedule Speakers Sponsors Hack Young Venue
GO BACK
img
Hanno Böck
Freelancer

< Talk Title />

Finding insecure cryptographic keys in DKIM, DNSSEC, OpenID Connect, and elsewhere

< Talk Category />

Technical Speakers

< Talk Abstract />

Public key cryptography plays an important role in Internet security, however, its security obviously relies on keeping the private key private.

The speaker is the developer of badkeys, an Open Source tool to identify cryptographic keys with known vulnerabilities. The talk will present some of the security vulnerabilities discovered using badkeys.

 

See also:
https://badkeys.info/
https://www.youtube.com/watch?v=KfvVlX30AJk (For context, check out our Nullcon 2022 talk on badkeys—this year we’ll focus only on new discoveries.)
 

< Speaker Bio />

Hanno Böck (https://hboeck.de/) is a security researcher and freelance journalist. He has published several research papers on TLS vulnerabilities, most notably the ROBOT attack (Usenix Security 2018), GCM implementation flaws (Usenix WOOT 2016) and STARTTLS flaws (Usenix Security 2020).

Mastodon: https://mastodon.social/@hanno