require('crypto') is a human right

Slides

An accessible tour of the Node.js Crypto API through the lens of history and politics.

  • Diffie-Hellman & RSA: key generation, encrypt, and decrypt.
  • RSA sign and verify.
  • AES and other symmetric ciphers.

Almost everything in OpenSSL has a rich history. A lot of the code we link when compiling Node.js was once illegal to disseminate under treaties that regulate things like fighter jets and night vision.

The effort to weaken these tools is still underway. You can't help fight that effort unless you are knowledgeable of more than just the basic implementation details.

By the end of the talk you will have been exposed to the important concepts, applied and theoretical, necessary to use strong cryptography in any of your Node.js projects. I'll crack some weak keys of different types in realtime using the cluster API and some spare cloud resources if my company has any spare AWS reserved instances. I'll also leave you with a drive to protect access to strong cryptography all over the world.

Code of Conduct

We are an inclusive, kind community that is constantly growing. Please find our Code of conduct, and try and make your fellow Cascadians (& fellow programmers) feel welcome!