Just enough crypto for the web

Hi! If you're here, it's probably because I promised some references during my CodeMotion Berlin talk "Just enough crypto for the web." Here you go!

The security news I shared was,

TLS consists of asymmetric encryption using (usually) RSA, symmetric encryption using AES, and Diffie-Hellman key exchange.

In the intermezzo, I used Google research on the difference between non-experts and experts on staying safe online.

All your passwords should be stored hashed, salted and encrypted with a good hashing function like SCrypt or BCrypt. I usually tune my hashing algorithm to take a few tenths of a second on the production server.
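One way to do that tuning, as an added example that is not from the talk: it uses scrypt from Python's standard library and raises the cost parameter N until a single hash reaches a target time on the machine it runs on. The function names, the `scrypt$cost$salt$hash` record format and the r, p and salt-size values are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import time

R, P, DKLEN = 8, 1, 32  # assumed scrypt block size, parallelism, output length


def _scrypt(password: str, salt: bytes, log2_n: int) -> bytes:
    n = 1 << log2_n
    # scrypt needs about 128 * n * r bytes; lift OpenSSL's 32 MiB default cap.
    return hashlib.scrypt(password.encode(), salt=salt, n=n, r=R, p=P,
                          maxmem=256 * n * R, dklen=DKLEN)


def calibrate(target_seconds: float, lo: int = 10, hi: int = 18) -> int:
    """Return the smallest log2(N) in [lo, hi] whose hash takes >= target."""
    salt = os.urandom(16)
    for log2_n in range(lo, hi + 1):
        start = time.perf_counter()
        _scrypt("calibration password", salt, log2_n)
        if time.perf_counter() - start >= target_seconds:
            return log2_n
    return hi  # target not reached within the allowed range


def hash_password(password: str, log2_n: int) -> str:
    """Hash with a fresh random salt; store cost and salt next to the digest."""
    salt = os.urandom(16)
    digest = _scrypt(password, salt, log2_n)
    return f"scrypt${log2_n}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    scheme, log2_n, salt_hex, digest_hex = record.split("$")
    if scheme != "scrypt":
        return False
    candidate = _scrypt(password, bytes.fromhex(salt_hex), int(log2_n))
    # Constant-time comparison so timing does not leak matching prefixes.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    cost = calibrate(0.3)  # "a few tenths of a second"
    print("chosen N = 2**%d" % cost)
    print(hash_password("constructed sample password", cost))
```

Run the calibration on the production hardware itself, since the result depends on its CPU and memory; because the cost is stored in each record, it can be raised later without invalidating existing hashes.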

My employer, Luminis, has kindly paid for my time and travel. If you want to work with me, come say hi!